esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Hirsch <>
Subject Re: Deleting user from access pool
Date Wed, 30 Sep 2009 08:43:30 GMT
I've created a JIRA item for this topic
( - the JIRA item is a
little misleading but it is basically deleting users from pools.

You've already worked on access pools. Maybe you'd like to work on this?



On Wed, Sep 30, 2009 at 9:59 AM, Vassil Dichev <> wrote:
>> Should we allow for a user to be deleted from an access pool?
>> If yes what happens? Does he no longer have access to the messages in
>> the pool - irregardless of whether he wrote them or not?
> It should be possible to delete a user, yes. I think it has been
> discussed or specified in the requirements pdf that once a message is
> in the user's mailbox, it stays there, so that's how it works now. At
> any rate, deleting a message from the mailbox, which the user may have
> already seen doesn't offer any more security. A user also doesn't see
> messages in his/her mailbox, which were sent before he was added to
> the pool.
> The interesting part is what happens if a pool has been removed and
> whether it should be possible at all. This could pose a security
> problem if an impostor creates a pool with the same name (similar to
> what might happen with a deleted user account)

View raw message