# from Caleb Phillips
# on Monday 20 February 2006 12:09 pm:
>>> a. pgp encrypt the e-mail if the app knew your public key

>> it's too much :)

>I agree. Overkill but cool. But, I think that it is cool enough to
>implement.

That's the way to think :-) If wearing a foil hat is fun, then hacking
encryption into a simple user's group webapp while wearing a foil hat
must be something like (fun^2)! [0] Right?

>It would just require that we add a field to the members
>database to hold the public key (or even better, a link to it)

No, hold the whole key. If we also implement openid, then we have the
linked system. No need to poke a hole in it.

> make it an optional field during member creation and modification.
> Then, if a user requests their password mailed to them, and there is
> a public key in the database, we can encrypt the email.

Optional is the key here. Also, an option to encrypt everything, maybe
also something that allows you to disable the spam-susceptible password
recovery feature in favor of an on-screen challenge-response based on
pgp encryption.
--Eric
[0] "fun-squared, factorial"
--
But you can never get 3n from n, ever, and if you think you can, please
email me the stock ticker of your company so I can short it.
--Joel Spolsky
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
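
The recovery flow discussed in this message, as an added sketch that is not part of the original e-mail or the group's webapp: an optional key per member, an encrypted mail when a key is on file, and an on-screen challenge-response for members who turn mailed recovery off. Assumptions: RSA-OAEP from Ruby's standard library stands in for PGP, a one-time nonce replaces the mailed password, and the `Recovery` class, its method names and the 300-second lifetime are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for PGP so the sketch runs offline: RSA-OAEP from Ruby's stdlib.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

class Recovery # hypothetical class, not from the app discussed
  TTL = 300 # seconds a token stays valid (assumed value)

  def initialize(clock: -> { Time.now.to_i })
    @members = {} # name => { key: PEM string or nil, mode: :email or :challenge }
    @pending = {} # token id => { member:, nonce:, expires: }
    @clock = clock
  end

  # The key is optional; opting out of mailed recovery requires one.
  def add_member(name, key: nil, mode: :email)
    raise ArgumentError, 'challenge mode needs a key' if mode == :challenge && key.nil?
    @members[name] = { key: key, mode: mode }
  end

  # Issues a one-time nonce and returns [delivery, id, payload]:
  #   :plain_email     - no key on file, nonce is mailed in the clear
  #   :encrypted_email - key on file, nonce is mailed encrypted
  #   :on_screen       - member disabled mail, ciphertext is shown in the browser
  def start(name)
    m = @members[name] or return [:unknown, nil, nil]
    id = SecureRandom.uuid
    nonce = SecureRandom.hex(16)
    @pending[id] = { member: name, nonce: nonce, expires: @clock.call + TTL }
    return [:plain_email, id, nonce] if m[:key].nil?
    sealed = OpenSSL::PKey::RSA.new(m[:key]).public_encrypt(nonce, OAEP)
    [m[:mode] == :challenge ? :on_screen : :encrypted_email, id, sealed]
  end

  # Single use: the entry is removed before the answer is compared.
  def verify(id, response)
    c = @pending.delete(id) or return nil
    return nil if @clock.call > c[:expires]
    OpenSSL.secure_compare(c[:nonce], response.to_s) ? c[:member] : nil
  end
end
```

Because `verify` deletes the pending entry first, a wrong answer burns the challenge, so each guess costs a fresh `start` call that the app can rate-limit.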