X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/20d8557c7bff61a7ba58c85a1bfac675c840cbb7..d3c15aed18ef9e67c3e785ac3cc0426c56e59ac7:/doc/todo/emailauth.mdwn diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 4cf2e48e5..ec7b4b96d 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -62,7 +62,7 @@ Implementation notes: Otherwise, someone could use passwordauth to register as a username that looks like an email address, which would be confusing to possibly a security hole. Probably best to keep passwordauth and emailauth accounts - entirely distinct. + entirely distinct. Update: passwordauth never allowed `@` in usernames. * Currently, subscription to comments w/o registering is handled by passwordauth, by creating a passwordless account (making up a username, not using the email address as the username thankfully). That account can be @@ -127,8 +127,10 @@ Thoughts anyone? --[[Joey]] >>> >>> Another way to do it would be to hash the email address, >>> so the commit appears to come from ->>> `smcv ` instead of +>>> `smcv ` instead of >>> from `smcv ` - if the hash is of `mailto:whatever` >>> (like my example one) then it's compatible with >>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). ->>> --[[smcv]] +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]
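Review bot: In the first hunk (`@@ -62,7 +62,7 @@`), the appended "Update: passwordauth never allowed `@` in usernames." follows the recommendation, while the sentence raising the concern ("someone could use passwordauth to register as a username that looks like an email address") is left unchanged. The bullet now states a risk and its refutation without saying which conclusion stands. Suggest rewording the bullet to say the collision cannot occur because of the `@` restriction, stating whether keeping passwordauth and emailauth accounts entirely distinct is still the plan, and pointing to where passwordauth enforces the restriction so the claim can be checked. While this bullet is being touched, "confusing to possibly a security hole" in the context line looks like it should read "confusing or possibly a security hole".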
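Review bot: In the second hunk (`@@ -127,8 +127,10 @@`), `+>>> --[[smcv]]a` adds a stray trailing `a` to smcv's signature, which alters another participant's signed comment and leaves junk text after the wikilink; restore it to `>>> --[[smcv]]`. The `smcv ... instead of` line is also removed and re-added with no difference visible in this rendering, so confirm that change is intentional and not a whitespace accident. The new closing note would be more useful if it said what exactly is hashed (the thread proposes `mailto:whatever`), since that determines compatibility with foaf:mbox_sha1sum. It should also say that a plain hash of an address can be recomputed by anyone who already knows that address, so "cloaked" here means hidden from casual harvesting, not unlinkable.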