Edgewall Software

Changes between Version 24 and Version 25 of TracDev/Proposals/EmailValidation


Ignore:
Timestamp:
Dec 15, 2010, 12:30:25 AM (13 years ago)
Author:
Carsten Klein <carsten.klein@…>
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • TracDev/Proposals/EmailValidation

    v24 v25  
    55== The Context ==
    66
    7 User enters a new or changes an existing email address in the general preferences tab or a different tab from a different contributor.
    8 Under all circumstances, a verification email must be sent to the user containing a link that will validate the email address to the system, so that the
    9 change will come into effect and the email address will be considered safe for sending notification emails to.
     7User enters a new or changes an existing email address in the general preferences tab.
     8Under all circumstances, a verification email for confirming the address must be sent to the user, containing a link that will validate the email address with the system. Only when confirmed, the change of the e-mail address must come into effect, otherwise, the change will be rendered invalid and the e-mail address entered will be discarded/ignored.
    109
    1110However, the general preferences tab may not be the only place where user's might enter an email address. Similar input fields exist in the ticket system where
    1211one can add email addresses for ticket change notification. Other such possibilities for input of an email address might exist, given the wide range of available
    1312plugins making use of the notification subsystem.
     13
     14Additionally, in TracIni there exist some configuration entries which might contain email addresses. Should these be validated too by the system or should these be taken for already having been validated by the administrator who defined the configuration?
    1415
    1516== Requirements ==
     
    5556 - hashes made up from the e-mail address and a timestamp are being used for validation purposes and communicating the validation links to the user.
    5657 - for renewal of validation requests, email addresses will be url encoded.
    57  - feel free to move it back up to requirements once we have finalized this issue, thanks.
     58 - as for email addresses entered not matching the given production rules set forth in RFC822, these should definitely be rejected until successors of that RFC, namely those which support UTF-8 encoding of smtp headers, have become widely accepted, see #9085 for more information
     59 - '''feel free to move it back up to requirements once we have settled on this issue, thanks.'''
    5860
    5961==== Proposed Solution ====