Libravatar (obsolete)

Confirmation emails should expire

Bug #781438 reported by François Marier on 2011-05-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Libravatar (obsolete)	Confirmed	Medium	Unassigned

Bug Description

Right now, messages sent to confirm one's email address don't expire.

They should expire in 24 or 48 hours:

- enforced in the verification code
- old unconfirmed email addresses should be removed on cron (bug 769771)
- email messages sent out should have some expiry headers to inform mail clients

The expiry headers are listed here:

http://www.cs.tut.fi/~jkorpela/headers.html
http://people.dsv.su.se/~jpalme/ietf/mail-headers/mail-headers.html

See original description

Tags:

François Marier (fmarier) on 2011-09-26

Changed in libravatar:
assignee:	nobody → François Marier (fmarier)

Revision history for this message

François Marier (fmarier) wrote on 2011-10-01:

The Mozilla secure coding guidelines recommend expiring them after 8 hours:

https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Email_Change_and_Verification_Functions

François Marier (fmarier) on 2011-11-05

Changed in libravatar:
importance:	Low → Medium

François Marier (fmarier) on 2012-03-06

Changed in libravatar:
assignee:	François Marier (fmarier) → nobody

François Marier (fmarier) on 2013-01-19

description:	updated
Changed in libravatar:
assignee:	nobody → François Marier (fmarier)

François Marier (fmarier) on 2018-10-05

Changed in libravatar:
assignee:	François Marier (fmarier) → nobody

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.