roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Wilson (JIRA)" <nore...@atlassian.com>
Subject [Roller-JIRA] Commented: (ROL-1469) Obfuscate blog authors email address on comment notifications
Date Tue, 21 Aug 2007 13:45:54 GMT

    [ http://opensource.atlassian.com/projects/roller/browse/ROL-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_14058
] 

Rob Wilson commented on ROL-1469:
---------------------------------

Adding comments that belong to this issue from  http://opensource.atlassian.com/projects/roller/browse/ROL-1455.

Allen Gilliland - [21/Jun/07 04:59 PM ] 
I took a look at the code and I see this ... 

        // use either the weblog configured from address or the site configured from address

        String from = weblog.getEmailFromAddress(); 
        if(StringUtils.isEmpty(from)) { 
            // TODO: this should not be the users email address 
            from = user.getEmailAddress(); 
        } 

i think this is what Linda is talking about. so the problem is that the email 'from' field
is populated with a value from the weblog settings if specified, otherwise it uses the entry
creators email address which is a privacy leak. 

it probably makes sense to do a couple of things to fix this 

1. allow users to set a flag in their profile to identify that they want their personal information
to remain private. this is necessary for sites that want to let bloggers decide for themselves
if they want their email address shared. 

2. provide a global configuration option which allows the site administrator to enforce a
privacy option like this for all users. 


> Obfuscate blog authors email address on comment notifications
> -------------------------------------------------------------
>
>                 Key: ROL-1469
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1469
>             Project: Roller
>          Issue Type: Improvement
>            Reporter: linda skrocki
>            Assignee: Roller Unassigned
>
> When a user selects 'notify me of new comments' the email notifications show the blog
authors email address. Obfuscating the blog authors email address would be optimal.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message