[ http://opensource.atlassian.com/projects/roller/browse/ROL-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_14058 ]

Rob Wilson commented on ROL-1469:
---------------------------------

Adding comments that belong to this issue from  
http://opensource.atlassian.com/projects/roller/browse/ROL-1455.

Allen Gilliland - [21/Jun/07 04:59 PM ] 
I took a look at the code and I see this ... 

        // use either the weblog configured from address or the site configured from address
        String from = weblog.getEmailFromAddress(); 
        if(StringUtils.isEmpty(from)) { 
            // TODO: this should not be the users email address 
            from = user.getEmailAddress(); 
        } 

I think this is what Linda is talking about. So the problem is that the email
'from' field is populated with a value from the weblog settings if specified,
otherwise it uses the entry creator's email address, which is a privacy leak.

It probably makes sense to do a couple of things to fix this:

1. Allow users to set a flag in their profile to identify that they want their
personal information to remain private. This is necessary for sites that want
to let bloggers decide for themselves if they want their email address shared.

2. Provide a global configuration option which allows the site administrator to
enforce a privacy option like this for all users.


> Obfuscate blog authors email address on comment notifications
> -------------------------------------------------------------
>
>                 Key: ROL-1469
>                 URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1469
>             Project: Roller
>          Issue Type: Improvement
>            Reporter: linda skrocki
>            Assignee: Roller Unassigned
>
> When a user selects 'notify me of new comments' the email notifications show
> the blog author's email address. Obfuscating the blog author's email address
> would be optimal.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
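
A sketch of how the two proposals in the comment above (a per-user privacy flag and a site-wide enforcement option) could change the 'from' fallback. This is an added example, not Roller code: the class, method and parameter names are hypothetical, and it assumes a site-configured from address is available, as the code comment in the snippet implies.

```java
import java.util.Optional;

// Added illustration; every name here is hypothetical and not part of Roller's API.
public class NotificationFrom {

    /**
     * Chooses the 'from' address for a comment notification. The author's
     * personal address is used only when neither privacy setting applies.
     */
    static Optional<String> resolveFrom(String weblogFrom, String siteFrom,
                                        String authorEmail,
                                        boolean authorWantsPrivacy,
                                        boolean siteEnforcesPrivacy) {
        if (!isBlank(weblogFrom)) {
            return Optional.of(weblogFrom.trim());   // weblog-configured address wins
        }
        if (!isBlank(siteFrom)) {
            return Optional.of(siteFrom.trim());     // then the site-configured address
        }
        boolean mustHide = siteEnforcesPrivacy || authorWantsPrivacy;
        if (mustHide || isBlank(authorEmail)) {
            // Fail closed: no safe sender exists, so the caller must skip the
            // mail or log a configuration error rather than leak the address.
            return Optional.empty();
        }
        return Optional.of(authorEmail.trim());      // author allows sharing
    }

    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String author = "author@example.org";
        String site = "noreply@example.com";

        // Old behaviour leaked here: no weblog address, so the author's was used.
        System.out.println(resolveFrom("", site, author, false, false));
        // Privacy requested and no site address: nothing safe to send from.
        System.out.println(resolveFrom(null, null, author, true, false));
        // Site-wide enforcement overrides an author who has not set the flag.
        System.out.println(resolveFrom(null, " ", author, false, true));
        // Only when both settings are off may the author's address appear.
        System.out.println(resolveFrom(null, null, author, false, false));
    }
}
```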

        
