On 1/2/13, Gavin McDonald <[email protected]> wrote: > [...] > >> A few points. >> >> 1) no email validation or captcha was required, that's a spam target. > > Ok this one I did get an email asking for verification, by this time though > an > acct is already created and I was allowed to login beforehand. >
yes . user may login , but may not do anything else until token verification is carried out successfully ... > Perhaps the email + token verification should happen before being allowed > to login for the first time? > ... so afaict that won't hurt. ;) PS: However , if you ask me , we should have captchas installed . At least on account creation procedure *if* spam becomes an issue . -- Regards, Olemis. Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article:
