@Richard It's my pleasure to do this. I agree with Vassil. I would start the technical design and development after we reach an agreement.
On Wed, Sep 30, 2009 at 5:09 PM, Vassil Dichev <[email protected]> wrote:

> > We should have unique Id which can not be deleted. User or Pool could have
> > same name but have different unique id which only system know.
> >
> > The pool name can not have duplicate validate same name,
> > but the validate pool could have a name as same as invalidate pool.
>
> This is not a technical problem, but a social engineering aspect of
> security. The user will not see this id, and even if they do, they
> won't care. The thing they will see is the pool name. So if one day
> the pool is deleted and on the next day another pool is added by a
> different person, but with the same name, the user might be tricked
> into sending confidential messages to that pool.
>
> One way to alleviate the problem is to trigger a message that a user
> has been added to a pool. But will this be enough? Or should we block
> the pool name forever, even when the pool has been deleted?
>
> Vassil
>

--
Global R&D Center, Shanghai China, Carestream Health, Inc.
Tel: (86-21)3852 6101
