django-multimail icon indicating copy to clipboard operation
django-multimail copied to clipboard
verified publisher icon scott2b

Implement option to not allow user to change primary email address

Open hkarpf opened this issue 10 years ago • 5 comments

I'm using this in a project where we assign users an initial account and do not want to allow them to change their primary address. I'm going to submit a merge request with a feature that would disallow that, e.g. an option of MM_DISABLE_CHANGE_PRIMARY_ADDRESS.

hkarpf avatar Jun 17 '15 00:06 hkarpf

I don't mind this option being added, but I don't quite understand the use case for it. Is it not the case that for a user to be able to change their primary address you would have to build that capability into your application's user interface? Maybe I am forgetting something, but without building the functionality explicitly in your application UI, I don't see how your users would actually change their primary addresses.

scott2b avatar Jun 17 '15 16:06 scott2b

You could not expose the change primary address field in your (read app developer) UI, but multimail would still allow the functionality in the background, security through obscurity. However if there was an option in multimail to disable that functionality completely, then no one could use that functionality without the app devs knowing it. @scott2b

hkarpf avatar Jun 18 '15 01:06 hkarpf

I still don't quite understand how primary address change could be enabled without both explicit UI and explicit view code enacting such. This is not quite the same thing as security through obscurity. Nevertheless, I don't have any particular problems with such an option to shut off the functionality altogether if you want to write it.

scott2b avatar Jun 18 '15 02:06 scott2b

Looking into this a bit more. I think I see -- what you are saying is that by including the multimail URLs, this includes the set-as-primary URL which exposes that view. So, yes, this is in fact a form of security by obscurity if do not really want to expose this functionality. I see what you are getting at now. If you don't want to have the set-primary functionality, then yes it would make sense to be able to turn it off via settings.

scott2b avatar Jun 18 '15 02:06 scott2b

Yeah "security through obscurity" was the wrong wording, more "limited functionality through obscurity". I'll craft something up and you can check it out, shouldn't be too hard.

hkarpf avatar Jun 18 '15 03:06 hkarpf