esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Xuefeng Wu <ben...@gmail.com>
Subject Re: Deleting user from access pool
Date Wed, 30 Sep 2009 08:26:58 GMT
Hi Vassil,
I add a small question too.
When do we update the AccessPool' attributes: lastModifer and
lastModifedDate?

When user modify AccessPool name, lastModife* will be updated.
How about when user modify AccessPool private? Should we update them?


On Wed, Sep 30, 2009 at 3:59 PM, Vassil Dichev <vdichev@apache.org> wrote:

> > Should we allow for a user to be deleted from an access pool?
> >
> > If yes what happens? Does he no longer have access to the messages in
> > the pool - irregardless of whether he wrote them or not?
>
> It should be possible to delete a user, yes. I think it has been
> discussed or specified in the requirements pdf that once a message is
> in the user's mailbox, it stays there, so that's how it works now. At
> any rate, deleting a message from the mailbox, which the user may have
> already seen doesn't offer any more security. A user also doesn't see
> messages in his/her mailbox, which were sent before he was added to
> the pool.
>
> The interesting part is what happens if a pool has been removed and
> whether it should be possible at all. This could pose a security
> problem if an impostor creates a pool with the same name (similar to
> what might happen with a deleted user account)
>



-- 
Global R&D Center,Shanghai China,Carestream Health, Inc.
Tel:(86-21)3852 6101

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message