Give Bruno a pull request for CE's git repo.

But before you do this:

1. a lot of services are using this kind of activation (ok, right, they all could trap into the same you complain about)
2. as I wrote before, to be sure not to send the activation url to a bot, use the recaptcha func Bruno offers in the code. you just need your account with recaptcha, put the keys into config and run it

And on the other hand: what have you changed that the activation is working but without code sent with the mail?

On Sep 28, 9:33 pm, jdutil <[EMAIL PROTECTED]> wrote:
> I understand that is how it is supposed to work, but when you sign up
> and are sitting on the page talking about the email you can see the
> activation code in the url. That defeats the purpose of the email
> being the only thing containing the code. A bot could just snag the
> url, parse out the code and then hit the proper url for the activate
> action. I don't think the code should be shown in the url after
> signing up. When I get around to making the change, since I added it
> to my list, if you guys agree with me I can submit the change to be
> added into subversion.
>
> On Sep 28, 5:12 am, Fritzek <[EMAIL PROTECTED]> wrote:
>
> > this activation code is just sent by email and valid once. to have
> > more security use the recaptcha at sign up plus the activation code
>
> > On 27 Sep., 23:53, jdutil <[EMAIL PROTECTED]> wrote:
>
> > > I haven't really dug into it at all yet so it may be justified for some
> > > reason, but isn't this a large security hole? I intend to fix it
> > > before going public, but am wondering if there is some reason for
> > > this... Once the user signs up their activation code is in the url...
> > > Doesn't that defeat the purpose of sending an activation email to help
> > > prevent spammers/bots etc... While even activation emails aren't that
> > > great of a system to stop bots it still makes it more difficult...
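
The behaviour discussed in this thread, next to a flow where the code reaches only the mailbox, as an added example that is not part of the original messages and is not CommunityEngine's code. The class, method names, URL paths and the in-memory store are hypothetical; the mail outbox is a constructed stand-in.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory signup service; names are illustrative, not CommunityEngine's.
class SignupService
  User = Struct.new(:id, :email, :code_digest, :active)
  attr_reader :outbox # constructed stand-in for delivered mail

  def initialize
    @users = {}
    @outbox = []
  end

  # Flow described in the thread: the post-signup redirect carries the code.
  def signup_leaky(email)
    user, code = register(email)
    "/signup_completed/#{user.id}?code=#{code}"
  end

  # Hardened flow: the redirect holds nothing secret; the code exists only in the mail.
  def signup(email)
    user, = register(email)
    "/signup_completed/#{user.id}"
  end

  # Single-use activation: compare digests in constant time, then discard the digest.
  def activate(id, code)
    user = @users[id]
    return false if user.nil? || user.active || user.code_digest.nil?
    return false unless secure_eq(user.code_digest, Digest::SHA256.hexdigest(code.to_s))
    user.code_digest = nil
    user.active = true
  end

  private

  def register(email)
    code = SecureRandom.urlsafe_base64(32) # unguessable; only its digest is stored
    user = User.new(@users.size + 1, email, Digest::SHA256.hexdigest(code), false)
    @users[user.id] = user
    @outbox << { to: email, code: code }
    [user, code]
  end

  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With `signup`, whoever is looking at the confirmation page has to read the mailbox to activate, which is the property the e-mail step is meant to give; reCAPTCHA at sign-up, as suggested in the thread, is a separate control on top of it.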
