Opened 11 years ago

Closed 11 years ago

#680 closed defect (wontfix)

Uniqueness constraint on email addresses?

Reported by: Christopher Allan Webber
Owned by:
Priority: major
Milestone:
Component: documentation
Keywords: bitesized
Cc: Elrond
Parent Tickets:

Description

We currently have no uniqueness constraint on emails in the database. I'm not sure why we don't. I began to worry about this after closing out #599, especially in case it could be used for some kind of goofy security exploit?

Is there any reason we wouldn't want to do this or don't have one presently?

Change History (2)

comment:1 by Elrond, 11 years ago

Component: programming → documentation

We had a bit of discussion on IRC on this.

Problems adding the constraint

If one wants to add the constraint, one first has to make sure the column is already unique. So what to do if it isn't? What to do with duplicated email addresses? Remove one? Which? How is that user supposed to receive mail? No easy answer here. Answer not found till now.

Other statements

Why do we need an email address in the first place? And why a unique one?

Users do not log in by email. They log in by username. And their email is mostly used to send mail to them, right?

Don't answer "spam accounts". That answer is plain wrong. If spammers find an instance, they will have enough throwaway emailaddys to create enough fresh accounts.

  1. Recover account by giving your emailaddy. Yes, this makes sense! No questions asked.
  2. Login by browserid/persona, which really is "login by emailaddr". But IMHO, the login-email should not need to be the "registered-email" (or email used for receiving mail). You might want to use your.main.addr@ for login but mediagoblin-folder@ for your mediagoblin mail.

Item 1. might feel security related. But either you control an emailaddy, or you don't control it. If you control it, well, you can gain access to a mediagoblin account.

Conclusion

First off: The main registration view tries to avoid duplicated emailaddys. So in the general case, it shouldn't really be an issue.

We decided to close this bug wontfix. There's no absolute need to enforce this on the db level. If two accounts have the same email, nothing important breaks.

Accepted breakage: If two users have the same email, and someone tries to recover their password by giving their email, they'll get a recovery link for one of their accounts. Which one depends on the db implementation.

Next step

  1. Decide on whether this should be documented anywhere in the source and/or admin docs.
  2. Close this bug wontfix.

comment:2 by Christopher Allan Webber, 11 years ago

Resolution: wontfix
Status: new → closed

I added a note to the models about it. And now closing out! :)
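
The migration problem and the accepted breakage discussed in comment:1, as an added example that is not MediaGoblin code: it audits for duplicate email addresses, shows that a unique index cannot be created while duplicates exist, and lists every account a recovery request for one address could apply to. The `users` table, its columns and the sample rows are constructed assumptions, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users ("
               "id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)")
    db.executemany("INSERT INTO users (username, email) VALUES (?, ?)", [
        ("alice", "alice@example.org"),
        ("alice_photos", "alice@example.org"),  # second account, same address
        ("bob", "bob@example.org"),
    ])
    db.commit()
    return db

def duplicate_emails(db):
    """Return {email: [usernames]} for addresses held by more than one account."""
    rows = db.execute(
        "SELECT email, username FROM users WHERE email IN "
        "(SELECT email FROM users GROUP BY email HAVING COUNT(*) > 1) "
        "ORDER BY email, id")
    dupes = {}
    for email, username in rows:
        dupes.setdefault(email, []).append(username)
    return dupes

def try_add_unique_constraint(db):
    """Attempt the migration; the database rejects it while duplicates remain."""
    try:
        db.execute("CREATE UNIQUE INDEX users_email_uniq ON users (email)")
        return True
    except sqlite3.IntegrityError:
        return False

def accounts_for_recovery(db, email):
    """Every account a recover-by-email request for this address could match."""
    return [u for (u,) in db.execute(
        "SELECT username FROM users WHERE email = ? ORDER BY id", (email,))]

if __name__ == "__main__":
    db = make_db()
    print("duplicates:", duplicate_emails(db))
    print("constraint added:", try_add_unique_constraint(db))
    print("recovery candidates:", accounts_for_recovery(db, "alice@example.org"))
```
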
