Email transition

Trustmaster	#6048 2009-02-01 03:00
Administrators Thanked: 265 kez	Well, my 5 cents. I sometimes encounter these problems about emails: [list=1] Activation e-mails don't reach user mailboxes due to insane spam policies, which is no good. Usually have to re-register with another mailbox in this case. Sometimes you have to change email because the old mailbox is no longer valid, so it does no help if the activation email is sent to old box. Well, if you talk security, the problem is that if somebody has intercepted user's session, he can go to profile, change email and request password recovery for that email. And this way he steals the account completely. If all you want to avoid is this problem, I would advise just prompt for a password when user changes email. No complex coding, no extra database stuff. May the Source be with you!

Trustmaster

#6048 2009-02-01 03:00

Well, my 5 cents. I sometimes encounter these problems about emails:
[list=1]

Activation e-mails don't reach user mailboxes due to insane spam policies, which is no good. Usually have to re-register with another mailbox in this case.

Sometimes you have to change email because the old mailbox is no longer valid, so it does no help if the activation email is sent to old box.

Well, if you talk security, the problem is that if somebody has intercepted user's session, he can go to profile, change email and request password recovery for that email. And this way he steals the account completely. If all you want to avoid is this problem, I would advise just prompt for a password when user changes email. No complex coding, no extra database stuff.

May the Source be with you!