Closed
Bug 433812
Opened 16 years ago
Closed 16 years ago
Add "reject this" link to registration email
Categories
(addons.mozilla.org Graveyard :: Administration, enhancement)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: timeless, Unassigned)
Details
I just got this via email: Welcome to Firefox Add-ons. Before you can use your new account you must activate it - this ensures the e-mail address you used is valid and belongs to you. To activate your account, click the link below or copy and paste the whole thing into your browser's location bar: https://addons.mozilla.org/en-US/firefox/users/verify/1364892/... Once you successfully activated your account, you can throw away this e-mail. Thanks for joining Firefox Add-ons -- Firefox Add-ons Staff -- It appears to be me, however there was only one link to click, no way for me to complain that the link was not requested. I clicked the link and instantly someone else's password for my email address was active. I did not ask for the account (at least, I don't remember asking for it). But the email provides no way for someone to investigate the "registration" other than clicking on the link, by which time, the damage is done.
btw, if you don't have sufficient logging to remember all account details (original first/last name, registrant ip address, etc.) please let me know, i'll file a bug asking you to ensure that the next version retains such information.
Comment 2•16 years ago
|
||
I think it's pretty standard practice that if you didn't request an account, you don't click on the link confirming that you did request the account.
Updated•16 years ago
|
Severity: blocker → minor
OS: Windows XP → All
Hardware: PC → All
Version: 3.0 → 3.2
Comment 3•16 years ago
|
||
I agree with Justin. However, what we may need to do is add a maintenance job that will expire new user registrations after a little while (2 days?). We have quite a bunch of unverified user accounts that just take away space and block nicknames, but don't serve any purpose because nobody can log in before confirming their account.
it may be standard practice somewhere else, however bugzilla's standard practice has been two links. one to affirm and one to reject. i'm also used to this from other good services on the web. but yes, auto expiring is also a good thing (bugzilla tokens expire after a couple of days, in this case if you don't have a reject option then 2 days is a good maximum).
Updated•16 years ago
|
Severity: minor → enhancement
Summary: Add-ons registration email is unacceptable and enables phishing → Add "reject this" link to registration email
Comment 5•16 years ago
|
||
Bug 444010 cleans up inactive accounts and we have recaptcha to prevent a bot from creating thousands of users. I think we should move on.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•