Admin Modification of Group Members' Email Addresses
From:
Michael JasonSmith
Date:
May 16 03:10 UTC
Short link
The use-cases in my earlier post
http://groupserver.org/r/post/10ivxKPYyOLw1VIkFgngAN
are all based on typical requests, relating to email addresses, that we get at
<<email obscured>>. In summary we have:
1. Adding an email address, because the old address is
bouncing (and is now unverified),
2. Altering a users message-delivery settings,
3. Correcting an incorrect (unverified) email address, and
4. Reverifying a message that has become unverified because
of a temporary situation.
(I am quite surprised that they can be pared down to those four, but there you
have it.)
The nice thing about three of the use-cases (1, 3 and 4) is they all are deal
with unverified email addresses! I propose the following rules for editing
email addresses.
* A group administrator or site administrator can only alter a
member's global email settings if — and only if — the member has
*no* verified email addresses. All an administrator can do is
- Add a new address, and
- Send out a verification message for an unverified address.
This rule will allow the administrator to carry out use-cases 1,
3 and 4, but prevent account hijacking.
* A group administrator can alter the *delivery* settings of
any member of the group that he or she administers. This rule
should allow the administrator to carry out use-case 2.
I cannot see any huge security holes in this proposal. Can anyone else?
Have I left any use-cases out?