@Xuefeng why don't you try it? D.
On Wed, Sep 30, 2009 at 10:48 AM, Xuefeng Wu <[email protected]> wrote: > I'm sorry, you mean Vassil or me? > > On Wed, Sep 30, 2009 at 4:43 PM, Richard Hirsch <[email protected]>wrote: > >> I've created a JIRA item for this topic >> (https://issues.apache.org/jira/browse/ESME-87) - the JIRA item is a >> little misleading but it is basically deleting users from pools. >> >> You've already worked on access pools. Maybe you'd like to work on this? >> >> Thanks. >> >> D. >> >> On Wed, Sep 30, 2009 at 9:59 AM, Vassil Dichev <[email protected]> wrote: >> >> Should we allow for a user to be deleted from an access pool? >> >> >> >> If yes what happens? Does he no longer have access to the messages in >> >> the pool - irregardless of whether he wrote them or not? >> > >> > It should be possible to delete a user, yes. I think it has been >> > discussed or specified in the requirements pdf that once a message is >> > in the user's mailbox, it stays there, so that's how it works now. At >> > any rate, deleting a message from the mailbox, which the user may have >> > already seen doesn't offer any more security. A user also doesn't see >> > messages in his/her mailbox, which were sent before he was added to >> > the pool. >> > >> > The interesting part is what happens if a pool has been removed and >> > whether it should be possible at all. This could pose a security >> > problem if an impostor creates a pool with the same name (similar to >> > what might happen with a deleted user account) >> > >> > > > > -- > Global R&D Center,Shanghai China,Carestream Health, Inc. > Tel:(86-21)3852 6101 >
