Bug#804166: marked as done (nm.debian.org: link to resend challenge email is public)

Fri, 06 Nov 2015 07:42:48 -0800 

Your message dated Fri, 06 Nov 2015 15:40:07 +0000
with message-id <8235c0bc97ac4ddd1f1ecdfbed2e3...@hogwarts.powdarrmonkey.net>
and subject line Re: Bug#804166: nm.debian.org: link to resend challenge email 
is  public
has caused the Debian Bug report #804166,
regarding nm.debian.org: link to resend challenge email is public
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
804166: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804166
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: nm.debian.org
Severity: serious
Justification: I said so

We do not require authentication before displaying the "Resend email challenge"
link on a person's profile, nor when resending the challenge. Comedy ensues
when we get crawled.


-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 
'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message --- 
On 2015-11-05 16:25, Jonathan Wiltshire wrote:
We do not require authentication before displaying the "Resend email challenge" link on a person's profile, nor when resending the challenge. Comedy ensues 
when we get crawled.
I have resolved this by raising a 403 error if the requester is not logged in, which is better than nothing. 


--
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
                        layered on top of bonghits

--- End Message ---

Reply via email to