Re: Email security for monks?

Whilst I love the Perl Monks as much as the next person, if my email account were compromised access to this site would be the least of my worries.

As it is the email address of monks is not visible to visitors to their home nodes, so I'm not sure I understand what would be gained from adding another test to the edit user page. Sure it raises the bar slightly, but not enough to make it possible to prove your identity.

After all if the email address 'foo@bar.com' corresponding to a Monk were compromised surely they would just enter 'foo@bar.com' into the field anyway? This would only gain a user security if they used one specific email address which was non-public for this site, and nothing else.

Steve
---
steve.org.uk

Comment on Re: Email security for monks?

Replies are listed 'Best First'.
Re^2: Email security for monks? by shenme (Priest) on Oct 04, 2004 at 00:49 UTC
To explain a bit so you 'get' what she was referring to. Two problems present themselves with a public site such as PM. First, you have to login to the site from somewhere "out there." From a public PC or even your own, the password and/or cookie value might get 'sniffed' on the wire. Second, as Petruchio so visibly reminds, this is a public site and while clicking around your cookie value might get sniffed. So it is not your email account that is worried about in DigitalKittys question. It is your PM identity, which could be cracked, co-opted, the email address changed and then how do you get it back to being accessible only by you? So, back to the original question...	[reply]

Replies are listed 'Best First'.

Re^2: Email security for monks?
by shenme (Priest) on Oct 04, 2004 at 00:49 UTC

Petruchio

So it is not your email account that is worried about in DigitalKittys question. It is your PM identity, which could be cracked, co-opted, the email address changed and then how do you get it back to being accessible only by you? So, back to the original question...

[reply]