allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kenton Taylor" <ktay...@slashdotmedia.com>
Subject [allura:tickets] #8125 Require password when confirming new email address
Date Fri, 09 Sep 2016 13:40:50 GMT
Fix looks good, clear to merge.


---

** [tickets:#8125] Require password when confirming new email address**

**Status:** review
**Milestone:** unreleased
**Labels:** security 
**Created:** Thu Sep 08, 2016 02:18 PM UTC by Dave Brondsema
**Last Updated:** Thu Sep 08, 2016 04:29 PM UTC
**Owner:** Dave Brondsema


We should require a valid login session when opening an email verification link.  This avoids
the security risk of typos on new email addresses that could potentially let someone else
take over your account.



---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message