On Sunday, June 28, 2015 at 11:05:45 AM UTC-4, Massimo Di Pierro wrote: > > OK but notice, anybody, not even logged in, can already register using > somebody else's email address and that person would receive an unwanted > email with a link to verify their email. Unless > registration_requires_approval is set False. >
True, but in order to do bulk spam, you would either have to spend a lot of time or have the technical sophistication to automate via a script -- we don't have to make it easier. In any case, whether or not this facilitates abuse, I would still say it is not a feature that most developers would necessarily want available by default (unlike register, profile, login, recover password, which are all essential elements of a login system). This is specialized functionality that will only be desirable in some cases. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
