Confirmation emails should expire

Bug #781438 reported by François Marier on 2011-05-12
This bug affects 1 person
Affects: Libravatar
Importance: Medium
Assigned to: Unassigned

Bug Description

Right now, messages sent to confirm one's email address don't expire.

They should expire in 24 or 48 hours:

- enforced in the verification code
- old unconfirmed email addresses should be removed on cron (bug 769771)
- email messages sent out should have some expiry headers to inform mail clients

The expiry headers are listed here:

  http://www.cs.tut.fi/~jkorpela/headers.html
  http://people.dsv.su.se/~jpalme/ietf/mail-headers/mail-headers.html

Changed in libravatar:
assignee: nobody → François Marier (fmarier)
François Marier (fmarier) wrote :

The Mozilla secure coding guidelines recommend expiring them after 8 hours:

  https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Email_Change_and_Verification_Functions
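
The three measures from the bug description, as an added Python example that is not Libravatar's code. The `PendingEmails` class, the 24-hour `TTL`, the `example.invalid` addresses and the choice of the `Expires` mail header are assumptions made for illustration; the lifetime is a parameter, so the 8 hours mentioned in the comment above can be passed instead.

```python
import secrets
from datetime import timedelta
from email.message import EmailMessage
from email.utils import format_datetime

# Assumption: 24 hours, the shorter of the two lifetimes proposed in the report.
TTL = timedelta(hours=24)

class PendingEmails:
    """Hypothetical in-memory stand-in for the unconfirmed-address table."""

    def __init__(self, ttl=TTL):
        self.ttl = ttl
        self._rows = {}  # token -> (address, created_at)

    def add(self, address, now):
        token = secrets.token_urlsafe(32)
        self._rows[token] = (address, now)
        return token

    def confirm(self, token, now):
        """Return the confirmed address, or None if unknown or expired."""
        row = self._rows.pop(token, None)  # single use, even when expired
        if row is None:
            return None
        address, created_at = row
        return address if now - created_at < self.ttl else None

    def purge(self, now):
        """Cron job: drop rows older than the TTL; returns how many were removed."""
        stale = [t for t, (_, c) in self._rows.items() if now - c >= self.ttl]
        for token in stale:
            del self._rows[token]
        return len(stale)

    def build_message(self, address, token, now):
        msg = EmailMessage()
        msg["To"] = address
        msg["Subject"] = "Confirm your email address"
        # Advisory only: clients may ignore it, so confirm() is the real control.
        msg["Expires"] = format_datetime(now + self.ttl)
        # example.invalid is a placeholder host, not the project's URL.
        msg.set_content(f"https://example.invalid/confirm/{token}\n")
        return msg
```

The expiry check in `confirm()` is what enforces the policy; the purge and the header only reduce leftover data and inform mail clients.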

Changed in libravatar:
importance: Low → Medium
Changed in libravatar:
assignee: François Marier (fmarier) → nobody
description: updated
Changed in libravatar:
assignee: nobody → François Marier (fmarier)
Changed in libravatar:
assignee: François Marier (fmarier) → nobody