Limit email notification contents

babgvant / elmah

Automatically exported from code.google.com/p/elmah

Apache License 2.0

0 stars 0 forks source link

Limit email notification contents #141

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What new or enhanced feature are you proposing?

Configure the email notification so as not to include sensitive information.

What goal would this enhancement help you achieve?

Emails sent out include the auth cookie for the request.  Replacing this in
your cookie allows you to impersonate the user.  Would like to use email
notices of error (with a link to elmah.axd?) but can't with this vulnerability.

Original issue reported on code.google.com by peter.fr...@gmail.com on 6 Nov 2009 at 9:05

GoogleCodeExporter commented 9 years ago

Original comment by azizatif on 7 Nov 2009 at 12:25

Changed state: Accepted
Added labels: Component-Mail