
E-mail addresses - where to store them and when to display them on the user topic.

Original topic created by -- KennethLavrsen - 22 Jan 2006

Cairo

In Cairo the user's email address is shown and stored in one place: the user's topic in the Main web.

  • Not mandatory to put a valid email address.

  • Advantages
    • Simple to understand
    • Visible when you want to contact the person directly

  • Disadvantages
    • Attracts spam harvesters. The antispam padding is out of date.
    • If the user topic is not write protected (often not desired) anyone can change it

Dakar (TWiki 4.0.0)

  • The format: A form field called Email, backwards compatible with old Cairo user topics.

  • New registration scheme makes it mandatory to use a valid email address to receive the activation code.

  • Advantages
    • Simple to understand
    • Visible when you want to contact the person directly

  • Disadvantages
    • Attracts spam harvesters. The antispam padding is out of date.
    • ALERT! If the user topic is not write protected (often not desired) anyone can change it. Because of the new reset password feature this made it all too easy to hijack a user account.

Solution introduced 21 Jan 2006

  • Email address is instead stored in the Apache password file.
  • Email address is no longer shown on the user's topic.
  • User interface added for changing email address

This is all brilliant. And the right way to go. But it creates some new problems that we need to resolve.

The new problems

  • Email address no longer has a field
    • Where does TWiki store and get the email address in the non-Apache authentication case (no .htpasswd file)? For example when using an LDAP server for authentication.
    • If people choose to show their email address in a public TWiki - where do they put it?
    • In an Intranet Wiki you will always want the email address visible on your user topic (no spam harvesting problem)

The dilemma

There is an email field in the form on the user topic

  • In the Intranet case with maybe LDAP authentication this is the best way to go.
  • In the public Internet site - we should not force users to let their email address show in public.

Problem:

  • If there is an email field in the form AND you are using the Apache .htpasswd authentication and store the emails in this secret file - the users will be confused because there are TWO places where email addresses are stored.

There is no email field in the form on the user topic

  • Where is the email then stored and used for notification, action tracker plugin mailing etc?
  • For public sites - where do people put their email address if they do want it shown?

Solutions

  • KennethLavrsen suggests:
    • It is obvious that we need an email field in the user topic. We removed it. We agreed. We forgot the Intranet use case because we were so focussed on the public Internet case.
    • When a user registers on a public site with apache .htpasswd - his email address should only be added to the secret .htpasswd file and not to the user topic.
    • The user on a public TWiki site can choose to add his email in a visible form
    • When a user registers on an Intranet TWiki with e.g. LDAP authentication, the email address should always be added to the user topic in the email form field.
    • I do not have a good proposal how to control this. Configure setting would be my proposal.
    • I do not have a good proposal how to explain to the casual or newbie user of the TWiki site with email address in secret .htpasswd file...
      • The difference between the secret email field accessible through ChangeEmailAddress and the Email field in the form on his home user topic.
      • Make the user aware of the existence of the secret email address.
    • The only solution I can think of is a lot of blablabla in the user topic. We need some good ideas how to do a more intuitive user interface for the public TWiki site case.

Discussion

Further to a chat on IRC, here's the lowdown.

  1. Kenneth wants to use mod_ldap to do auth (which is fine)
  2. He does not want to provide an LDAP password manager that can store passwords
  3. He does not want to use the htpasswd password manager, because it uses the password in the htpasswd file to verify the right to change the email address.

OK, no problem. There are two obvious fixes to this:

  1. The default "none" password manager should store emails in the user topic. Then he can set the password manager to "none" and have emails.
  2. The htpasswd manager should be smarter about how it checks the password.

CC
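
The hijack path noted under Dakar and the fix from 21 Jan 2006, modelled as an added example (not TWiki's code and not part of the original topic): the reset address is read first from an editable user topic, then from a password file where a change needs the account's password. The topic layout, the `login:hash:email` line layout, the `{SHA}` hashing and all names and addresses are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import re

def sha_hash(password):
    # Apache htpasswd "{SHA}" scheme (unsalted SHA-1); chosen only to keep the model short.
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def topic_email(topic_text):
    """Before the fix: the reset mail goes to the Email field of the user topic."""
    m = re.search(r"^\s*\*\s*Email:\s*(\S+)", topic_text, re.M)
    return m.group(1) if m else None

def parse_pwfile(text):
    """Assumed layout, one user per line: login:hash:email."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) >= 2:
            entries[parts[0]] = [parts[1], parts[2] if len(parts) == 3 else ""]
    return entries

def change_email(entries, login, current_password, new_email):
    """After the fix: the address changes only with the account's password."""
    entry = entries.get(login)
    if entry is None or not hmac.compare_digest(entry[0], sha_hash(current_password)):
        return False
    entry[1] = new_email
    return True

# Constructed sample data (hypothetical user, addresses and password).
TOPIC = "---+ JoeUser\n   * Name: Joe User\n   * Email: joe@example.com\n"
PWFILE = "JoeUser:" + sha_hash("joes-secret") + ":joe@example.com\n"

def demo():
    # Topic not write protected: whoever saved it last decides where the
    # password reset mail is sent.
    edited = TOPIC.replace("joe@example.com", "someone-else@example.net")
    before_fix = topic_email(edited)
    # Password file: topic edits no longer matter, and a change request
    # without Joe's password is refused.
    entries = parse_pwfile(PWFILE)
    refused = change_email(entries, "JoeUser", "wrong-guess", "someone-else@example.net")
    accepted = change_email(entries, "JoeUser", "joes-secret", "joe@example.org")
    return before_fix, refused, accepted, entries["JoeUser"][1]

if __name__ == "__main__":
    print(demo())
```

The same check is why the htpasswd manager does not fit an LDAP-authenticated site as it stands: the password it verifies against lives in a file that such a site does not maintain.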

BasicForm
TopicClassification TWikiDevQuestion
TopicSummary How to store and display the email address of the user

Topic revision: r2 - 2006-01-23 - CrawfordCurrie
 