Closed GoogleCodeExporter closed 9 years ago
Unfortunately this raises privacy concerns. Imagine that malicious user A knows
the email address of person B. User A appoints B as the editor of an
exploration by specifying her email address. Later B registers as a user and
chooses a user name. Now B's user name will be given in the list of editors of
the exploration. Thus A will be able to establish the user name associated with
B's email address even though B might not want him to know it.
Generally speaking sites are expected to keep the relation between email
addresses and user names confidential. We used to allow adding editors by email
address but we had to remove the feature due to the above issue.
Original comment by jacobdav...@gmail.com
on 17 Feb 2015 at 8:06
Original issue reported on code.google.com by
kevinlee...@gmail.com
on 17 Feb 2015 at 6:04