Opened 10 years ago
Closed 10 years ago
#680 closed defect (wontfix)
Uniqueness constraint on email addresses?
|Reported by:||Christopher Allan Webber||Owned by:|
We currently have no uniqueness constraint on emails in the database. I'm not sure why we don't. I began to worry about this after closing out #599 especially in case it could be used for some kind of goofy security exploit?
Is there any reason we wouldn't want to do this or don't have one presently?
Change History (2)
comment:1 by , 10 years ago
|Component:||programming → documentation|
comment:2 by , 10 years ago
|Status:||new → closed|
I added a note to the models about it. And now closing out! :)
We had a bit of discussion on irc on this.
Problems adding the constraint
If one wants to add the constraint, one first has to make sure the column is already unique. So what to do if it isn't? What to do with duplicated emailaddresses? remove one? Which? How is that user supposed to receive mail? No easy answer here. Answer not found till now.
Why do we need an email address in the first place? And why a unique one?
Users do not log in by email. They log in by username. And their email is mostly used to send mail to them, right?
Don't answer "spam accounts". That answer is plain wrong. If spammers find an instance, they will have enough throw away emailaddys to create enough fresh accounts.
Item 1. might feel security related. But either you control an emailaddy, or you don't control it. If you control it, well, you can gain access to a mediagoblin account.
First off: The main registration view tries to avoid duplicated emailaddys. So in the general case, it shouldn't really be an issue.
We decided to close this bug wontfix. There's no absolute need to enforce this on the db level. If two accounts have the same email, nothing important breaks.
Accepted breakage: If two users have the same email, and someone tries to recover their password by giving their email, they'll get a recover link for one of their account. Which one depends on the db implementation.