[pmwiki-users] email notification of page changes (watchlists)

Patrick R. Michaud pmichaud at pobox.com
Sat May 27 07:55:35 CDT 2006


On Sat, May 27, 2006 at 01:03:47PM +0200, Joachim Durchholz wrote:
> Patrick R. Michaud schrieb:
> > On Fri, May 26, 2006 at 07:56:39PM +0000, J. Meijer wrote:
> >> What happens when she's suddenly in Wonderland, (maliciously) 
> >> being flooded with email?? 
> > 
> > I'm afraid I don't understand the question here.
> 
> Somebody could select a wiki with lots of changes and enter Alice's 
> email to its Site.NotificationList, possibly with a squelch time of 1 
> second. Alice would get thousands of tiny mails, and require hours to 
> clean her inbox when she returns from Wonderland.

"Somebody" can do this only if they have write permission to the 
Site.NotifyList page, which is password protected by default
(along with most other pages in the Site group).  I would not
recommend having this page open to anonymous editing.  And when
the form-based system is in place, the page can be locked against edits
except by the admin.

Alice would get "thousands of tiny mails" only if there were 
thousands of posts.   Even pmwiki.org isn't *that* busy.

> Somebody really malicious could add her address multiple times. Possibly 
> with different (but overlapping) sets of pages to check so that every 
> mail will be different, so PmWiki couldn't collapse them into a single 
> mail. (Maybe PmWiki should merge multiple mails to the same mail address 
> anyway. Something to consider for the next version - it might help with 
> legitimate cases, too.)

*sigh*  I'm way ahead of you here -- PmWiki *already* merges multiple
mails to the same address.  

Pm




More information about the pmwiki-users mailing list