[pmwiki-users] Mail Post Manual Trigger
Joachim Durchholz
jo at durchholz.org
Fri Apr 29 14:45:34 CDT 2005
Patrick R. Michaud wrote:
> Well, I'm interested in it but I haven't happened upon a good mechanism
> for handling page subscriptions. Any mechanism we choose needs to
> be mindful of not allowing email addresses to be easily harvested/revealed,
> and preventing malicious/forged subscriptions.
To prevent mail harvesters from working, it's enough to never display a
list of email addresses (unless, possibly, the user is logged in as
administrator or something).
Preventing malicious/forged subscriptions could be done analogous to
mailing list subscriptions. I.e. the sequence of steps would be:
1. The user enters john at doe.org into the input field for the mail address.
2. PmWiki sends a mail to john at doe.org, saying something like: "Somebody
(probably you) requested that you be notified whenever page
http://bla.com/Group/Pagename changes. If that's the case, please click
on the link
http://wiki.tld/pmwiki.php?action=subscribe?user=john@doe.org?auth=9642687595.
If you didn't subscribe, please ignore this email. Please report any
abuse to abuse at wiki.tld."
3. PmWiki takes a mental note that it's expecting to get a confirmation
from john at doe.org with authentication code 9642687595; subscription
requests for john at doe.org with any other authentication code will be
silently ignored.
Of course, once people can really log in, PmWiki can also store users'
mail addresses. Then, subscribing to a page could be a simple action
link (well, at least after the mail address given is verified).
Regards,
Jo
More information about the pmwiki-users
mailing list