incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vassil Dichev <>
Subject Re: Deleting user from access pool
Date Wed, 30 Sep 2009 09:09:51 GMT
> We should have unique Id which can not be deleted.User or Pool could have
> same name but have different unique id which only system know.
> The pool name can not have duplicate validate same name,
> but the validate pool could have a name as same as invalidate pool.

This is not a technical problem, but a social engineering aspect of
security. The user will not see this id, and even if they do, they
won't care. The thing they will see is the pool name. So if one day
the pool is deleted and on the next day another pool is added by a
different person, but with the same name, the user might be tricked
into sending confidential messages to that pool.

One way to alleviate the problem is to trigger a message that a user
has been added to a pool. But will this be enough? Or should we block
the pool name forever, even when the pool has been deleted?


View raw message