Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, danielcastillo, and 12 others

#8601 email auth verification by link

Milestone: unreleased

Status: review

Owner: Dave Brondsema

Labels: None

Component: General

Reviewer: nobody

Updated: 4 days ago

Created: 4 days ago

Creator: Dave Brondsema

Private: No

With a link we can have a longer token for more security (still type-able if needed). And the link will defeat some MITM phishing attacks, forcing you to the right site.

We can apply this to 2FA accounts too (currently being skipped) so they get the MITM protections too

Downside is if you don't have email access on the same computer you're logging in to :(

Commit: [09208d]
Commit: [4cf8e1]
Commit: [7fd219]
Commit: [d18050]
Commit: [f8a696]
Commit: [fd3428]

Discussion

Dave Brondsema - 4 days ago

status: in-progress --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 4 days ago

db/8601

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#8601 email auth verification by link

Related

Discussion