On 10-8-2012 17:23, Paul Backhouse wrote:
> Has this already been done? Does my google-fu escape me? If it hasn't
> already been done, why not? And are there any modules out there that can
> be dropped in to speed development? Any tips on developing this app?

An email gateway is what exposed contrib.auth's problems to me: because it has the email stored on the user account info, you can only match one email per user. In a world where people use several accounts or server addresses with 'subdomains', having only one registered address per account isn't practical. Also, matching a user based on SMTP headers is not very secure.

Another approach that you can observe in the wild is to have 'secret email addresses'. In the user account information an email address at the site's domain is made available that the user can send comments or content to. The drawback here is that it's very sensitive to identity theft, as the assumption is made that only that user knows that address.

So very quickly, you come into the dark realm of requiring some kind of authentication key associated with the email message, and while for us techies this is trivial, explaining that to casual internet users has been a problem since the inception of S/MIME and PGP. I imagine most projects that have attempted this principle strand on this issue and the associated spam nightmare.

--
Melvyn Sopacua
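
The 'secret email address' approach from the message above, as an added example that is not part of the original thread or of Django: the gateway ignores the From header and identifies the user from a keyed tag in the recipient address, with a per-user counter so a leaked address can be revoked. The key, domain, address layout and function names are assumptions; the address is still a bearer secret, as the message points out.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to users
DOMAIN = "inbound.example.com"         # placeholder domain
PREFIX = "post+"


def _tag(user_id: int, epoch: int) -> str:
    """Keyed tag binding the address to one user and one revocation epoch."""
    mac = hmac.new(SECRET_KEY, f"{user_id}.{epoch}".encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode().lower()   # 80 bits, 16 chars


def inbound_address(user_id: int, epoch: int) -> str:
    """Address shown on the user's account page."""
    return f"{PREFIX}{user_id}.{epoch}.{_tag(user_id, epoch)}@{DOMAIN}"


def resolve_user(envelope_rcpt: str, current_epochs: dict):
    """Map the envelope recipient handed over by the MTA to a user id, or None.

    The From header is never consulted: anyone can write any value there.
    current_epochs maps user id -> the epoch currently valid for that user;
    bumping it revokes every address issued earlier.
    """
    local, _, domain = envelope_rcpt.strip().lower().partition("@")
    if domain != DOMAIN or not local.startswith(PREFIX):
        return None
    parts = local[len(PREFIX):].split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts[:2]):
        return None
    user_id, epoch = int(parts[0]), int(parts[1])
    if current_epochs.get(user_id) != epoch:
        return None                       # unknown user or revoked address
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(parts[2].encode(), _tag(user_id, epoch).encode()):
        return None
    return user_id


if __name__ == "__main__":
    addr = inbound_address(42, 3)
    print(addr, "->", resolve_user(addr, {42: 3}))
    print("after revocation ->", resolve_user(addr, {42: 4}))
```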