• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item5459: Email is not passed from registration form to user page
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Normal | No Action Required | n/a |
Edit Form Data
Detail
Is this intentional?
-- TWiki:Main/ArthurClemens
- 20 Mar 2008
Yes.
To protect privacy and prevent spam related email harvesting on public sites the email address is not automatically added to the user form.
-- TWiki:Main.KennethLavrsen - 20 Mar 2008
This has bitten me with BulkRegistration. I had to re-enter all e-mail addresses on all 30 user pages (and I can imagine organizations with more users).
-- TWiki:Main.ArthurClemens - 20 Mar 2008
This is a usability issue. Intranet use of TWiki has no e-mail harvesting issue, so it should be configurable, with the default to carry over the e-mail address.
-- TWiki:Main.PeterThoeny - 21 Mar 2008
Remember that before we introduced this behavior we had a serious security issue and a long discussion which ended up in a solution.
Please do not react on every bug report and revert same decision back and forth all over again. Next report is going to be a security bug that we expose people email address in the open by default.
We may have a problem with the bulk registration to fix but the normal registration should for sure not be turned into a security hell again.
The feature of hiding the email address is not active in a normal corporate Intranet site. It is only active when using a plain .htpasswd file and the TWiki::Users::HtPasswdUser as password manager.
When using for example a plain apache mod_ldap based solution the email address is stored in the users topic, simply because it has to. There are only two places TWiki can store an email address today. Either in the .htpasswd file or in the user topic.
TWiki can show email addresses in the users topics today if you set {AntiSpam}{HideUserDetails} to disabled. It is then displayed via the USERINFO line which is part of the default user form that we ship.
Our current implementation with .htpasswd and USERINFO gives the user the chance to register with one email address which is his real sensitive one and display another by manually adding a more disposable (e.g. gmail ) account in the form field.
In the rare cases where a corporate installation uses a plain htpasswd solution instead of a single sign on solution then it is possible to still display the email address via the USERINFO and {AntiSpam}{HideUserDetails} = 0
I have never played with bulk registration and here we may have a direct bug.
Bulk registration should work like normal registration. If you use TWiki::Users::HtPasswdUser as password manager the email address should be put in the .htpasswd file only. If you do not use the TWiki::Users::HtPasswdUser as password manager then TWiki should put the email address in the user form.
So to wrap up in a few bullets - 22 Mar 2008
- 20 Mar 2008
Yes.
To protect privacy and prevent spam related email harvesting on public sites the email address is not automatically added to the user form.
-- TWiki:Main.KennethLavrsen - 20 Mar 2008
This has bitten me with BulkRegistration. I had to re-enter all e-mail addresses on all 30 user pages (and I can imagine organizations with more users).
-- TWiki:Main.ArthurClemens - 20 Mar 2008
This is a usability issue. Intranet use of TWiki has no e-mail harvesting issue, so it should be configurable, with the default to carry over the e-mail address.
-- TWiki:Main.PeterThoeny - 21 Mar 2008
Remember that before we introduced this behavior we had a serious security issue and a long discussion which ended up in a solution.
Please do not react on every bug report and revert same decision back and forth all over again. Next report is going to be a security bug that we expose people email address in the open by default.
We may have a problem with the bulk registration to fix but the normal registration should for sure not be turned into a security hell again.
The feature of hiding the email address is not active in a normal corporate Intranet site. It is only active when using a plain .htpasswd file and the TWiki::Users::HtPasswdUser as password manager.
When using for example a plain apache mod_ldap based solution the email address is stored in the users topic, simply because it has to. There are only two places TWiki can store an email address today. Either in the .htpasswd file or in the user topic.
TWiki can show email addresses in the users topics today if you set {AntiSpam}{HideUserDetails} to disabled. It is then displayed via the USERINFO line which is part of the default user form that we ship.
Our current implementation with .htpasswd and USERINFO gives the user the chance to register with one email address which is his real sensitive one and display another by manually adding a more disposable (e.g. gmail ) account in the form field.
In the rare cases where a corporate installation uses a plain htpasswd solution instead of a single sign on solution then it is possible to still display the email address via the USERINFO and {AntiSpam}{HideUserDetails} = 0
I have never played with bulk registration and here we may have a direct bug.
Bulk registration should work like normal registration. If you use TWiki::Users::HtPasswdUser as password manager the email address should be put in the .htpasswd file only. If you do not use the TWiki::Users::HtPasswdUser as password manager then TWiki should put the email address in the user form.
So to wrap up in a few bullets - TWiki copies the email address to the user topic in a typical corporate installation using a different password manager than the simple .htpasswd based one.
- TWiki does not copy the email address to the user topic in the typical internet installation with public internet users where .htpasswd is normally used.
- Bulk registration needs to work the same way as normal registration
- 22 Mar 2008
| ItemTemplate | |
|---|---|
| Summary | Email is not passed from registration form to user page |
| ReportedBy |
TWiki:Main.ArthurClemens
|
| Codebase | |
| SVN Range | TWiki-5.0.0, Sun, 09 Mar 2008, build 16496 |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | No Action Required |
| WaitingFor | |
| Checkins | |
| TargetRelease | n/a |
| ReleasedIn | |
Topic revision: r5 - 2008-03-22 - KennethLavrsen
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback