Post in Admin Modification of Group Members' Email Addresses

2008 May 15 05:09 UTC

While I wait for feedback on the GroupServer install process, I thought I would
look at some of my open Trac Tickets. At the top is Admin Modification of Group
Members' Email Addresses
  https://svn.iopen.net/projects/groupserver/ticket/251

  With adequate controls in place, a group administrator should
  be able to add a new email address to a user's account.

The phrase “with adequate controls” sums up the core of the problem: without
adequate controls, it is very easy for any administrator to take over all
GroupServer sites!
  1. Become a administrator of a group that the site-administrator is in.
  2. Add your email address to the site-administrator's account.
  3. Remove the site-administrator's email address.
  4. Success!

                                   ❦

Use Case 1: Mitchel Moves

Mitchel has moved to a new job, so cannot receive email at
mitchel_at_slave.drivers anymore. Unfortunately, she is not recieving any post
from the Knitted Freebies site because
  * Mitchel forgot to change her email addresses before changing jobs,
  * Mitchel cannot remember her password, and
  * Mitchel cannot reset her password because the notification will
    go to her old address.
Mitchel asks Nicky to add her new email address to her profile. Nicky adds the
new address, but the old one is left in place. Mitchel gets a email-address
verification message at her new email-account, verifies the address, resets her
password and then deletes her old address.

                                   ❦

Use Case 2: Olive Overwhelmed

Olive is overwhelmed with the email that she gets from the Lol Kitten group.
She asks Pat, the administrator for the group, about reducing the email load.
Pat, being a kind-hearted soul — whose generosity has not been sapped by the
unceasing demands of ungrateful users — switches Olive over to Digest mode for
the Lol Kitten group.

                                   ❦

Use Case 3: Quincy Quakes

Quincy needs to add his boss, Bertie, to the Führer Flywheel site.
Unfortunately, Quincy typed Bertie's email address in incorrectly. So he
changes it, removing the extra “r”, and the invitation to join the Flywheel
Fans group is resent.

                                   ❦

Use Case 4: Sam Bounces

Sam, sunning on a Sahara sojourn, is suddenly swamped by spam. Storage is
stopped by Sam's system service. The Sunday Surfers site suffers a setback:
sendings to Sam are stopped, summarily sent to sender. Stymied, Sam sends Tony
a text, telling of the troubles. Touched, Tony tends to the task. Verily,
verification is vouchsafed. Sam soon sees Sunday Suffers sendings.

[ I have to overthrow a government; I may be some time. ]