so 10. 2. 2018 v 13:23 odesílatel Guilherme Gonçalves <
guilherme.p.gonc(a)gmail.com> napsal:
Hi Martin,
I'm not authoritative on PII policies at all, but here's a couple of
things that came to mind as I read your question.
2018-02-10 11:26 GMT+00:00 Martin Urbanec <martin.urbanec(a)wikimedia.cz>cz>:
To prevent this tool from spamming I of course
require its confirmation
by accessing an URL with a random string (MD5 hash of user's email *and* random
number from 1 to 100; I mean, those two things are in one hash).
Does this mean the URL for a given email address can be guessed in at most
100 attempts by someone who doesn't control the address? I think you'd
typically want to draw your random numbers from a much larger range, or use
as token something that was encrypted or signed with a secret only your
server knows. It would probably also make sense to make your URLs valid for
only a certain time.
*1000, but increased to 10 000 000, which should be big enough. I also can
use more qualit hash than MD5 which will slow it down even more.
However...
Should I stop with collecting mails at all and
use some WMF-maintained
service for mass-emailing (mailman at
lists.wikimedia.org maybe?) and
make the tool to just send an email to the list itself?
If creating a single mailing list is an option (for instance, you don't
plan on customizing the emails per user), this seems like a very good way
to go.
It is, this just was the easiest way for me when I was writing the tool.
This question came to my mind before creating, so I do appologize for
asking after programming.
Best regards,
Martin Urbanec
--
Můj kalendář najdete na
https://martin.urbanec.cz/calendar.html
_______________________________________________
Wikimedia Cloud Services mailing list
Cloud(a)lists.wikimedia.org (formerly labs-l(a)lists.wikimedia.org)
https://lists.wikimedia.org/mailman/listinfo/cloud
--
Guilherme P. Gonçalves
_______________________________________________
Wikimedia Cloud Services mailing list
Cloud(a)lists.wikimedia.org (formerly labs-l(a)lists.wikimedia.org)
https://lists.wikimedia.org/mailman/listinfo/cloud
--
Můj kalendář najdete na
https://martin.urbanec.cz/calendar.html