Re: No easy way to join discussion in existing thread when not subscribed

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Amir Rohan <amir(dot)rohan(at)mail(dot)com>
Cc: PostgreSQL www <pgsql-www(at)postgresql(dot)org>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Andres Freund <andres(at)anarazel(dot)de>, magnus(at)hagander(dot)net, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Subject: Re: No easy way to join discussion in existing thread when not subscribed
Date: 2015-10-02 12:45:50
Message-ID: 20151002124550.GY3685@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-www

Amir,

* Amir Rohan (amir(dot)rohan(at)mail(dot)com) wrote:
> On 10/01/2015 09:18 PM, Stefan Kaltenbrunner wrote:
> > yeah - as Stephen said upthread I think that would be a very useful
> > feature...
>
> Great, here's a spec:
>
> 1) If the user is not logged in, error as the mbox downloads does.
> 2) If the user is logged in, retrieve the raw message from the db (like
> the "raw" link) does and send it via email (the system is already setup
> to do this) to the registered email address for the logged-in user.
>
> Threats:
> a1) Abusing the system to send lots of email to one victim.
> a2) Abusing the system to send one email to lots of victims.
> a3) DOS on the server through overuse by legitimate users.
> a4) DOS on the server through overuse by malicious users, possibly
> involving many accounts.
>
> To mitigate these, we:
> b1) Require a community login which involves an email verification step.
> mitigates (a1) and (a2).

Works for me.

> If a3 and a4 are concerns in practice:

I don't see that being the case here and so I don't believe we need any
particular safeguards for those cases.

Further, if we do, they can always be added later and don't need to
complicate the initial implementation.

Thanks!

Stephen

In response to

Responses

Browse pgsql-www by date

  From Date Subject
Next Message Stefan Kaltenbrunner 2015-10-02 12:48:26 Re: No easy way to join discussion in existing thread when not subscribed
Previous Message Magnus Hagander 2015-10-02 09:00:18 Re: Deselecting "Receive Mail" on the website ml subscribe form is broken