so 10. 2. 2018 v 13:23 odesílatel Guilherme Gonçalves < [email protected]> napsal:
> Hi Martin, > > I'm not authoritative on PII policies at all, but here's a couple of > things that came to mind as I read your question. > > 2018-02-10 11:26 GMT+00:00 Martin Urbanec <[email protected]>: > >> To prevent this tool from spamming I of course require its confirmation >> by accessing an URL with a random string (MD5 hash of user's email *and* >> random >> number from 1 to 100; I mean, those two things are in one hash). >> > > Does this mean the URL for a given email address can be guessed in at most > 100 attempts by someone who doesn't control the address? I think you'd > typically want to draw your random numbers from a much larger range, or use > as token something that was encrypted or signed with a secret only your > server knows. It would probably also make sense to make your URLs valid for > only a certain time. > *1000, but increased to 10 000 000, which should be big enough. I also can use more qualit hash than MD5 which will slow it down even more. > > However... > > >> Should I stop with collecting mails at all and use some WMF-maintained >> service for mass-emailing (mailman at lists.wikimedia.org maybe?) and >> make the tool to just send an email to the list itself? >> > > If creating a single mailing list is an option (for instance, you don't > plan on customizing the emails per user), this seems like a very good way > to go. > It is, this just was the easiest way for me when I was writing the tool. > > >> >> This question came to my mind before creating, so I do appologize for >> asking after programming. >> >> Best regards, >> Martin Urbanec >> -- >> Můj kalendář najdete na https://martin.urbanec.cz/calendar.html >> >> _______________________________________________ >> Wikimedia Cloud Services mailing list >> [email protected] (formerly [email protected]) >> https://lists.wikimedia.org/mailman/listinfo/cloud >> > > > > -- > Guilherme P. Gonçalves > _______________________________________________ > Wikimedia Cloud Services mailing list > [email protected] (formerly [email protected]) > https://lists.wikimedia.org/mailman/listinfo/cloud -- Můj kalendář najdete na https://martin.urbanec.cz/calendar.html
_______________________________________________ Wikimedia Cloud Services mailing list [email protected] (formerly [email protected]) https://lists.wikimedia.org/mailman/listinfo/cloud
