Regarding the first part (deleting users from a pool) - here are my ideas * We have no idea whether he has viewed the messages or not. * Of course, he should be able to continue see his own messages even if they were sent to a pool to which he no longer belongs. * The user's messages remain in the pool whether or not the user is in the pool. * Since the user can no longer view the pool, he can only view his own messages but not those of other users. * Question: Should we delete all old messages from the pool to which the user was a member or should we just prevent new messages from the now-forbidden pool going to the user. I prefer the second choice.
Thoughts? To the second point regarding the deletion of pools. I think this needs more thought. We can't / shouldn't delete messages from closed pools. This would be a performance and programming nightmare. D. On Thu, Oct 1, 2009 at 5:23 AM, Xuefeng Wu <[email protected]> wrote: > There're two features:1. delete users from pool; > 2. delete pool. > > There're some argue and my opinion: > *when delete users from pool.* > We could withdraw all messages from the user, whatever read or unread. > > *when delete pool. ESME-68* > withdraw all messages > can create new pool which have the same name as deleted > > > > On Wed, Sep 30, 2009 at 3:59 PM, Vassil Dichev <[email protected]> wrote: > >> > Should we allow for a user to be deleted from an access pool? >> > >> > If yes what happens? Does he no longer have access to the messages in >> > the pool - irregardless of whether he wrote them or not? >> >> It should be possible to delete a user, yes. I think it has been >> discussed or specified in the requirements pdf that once a message is >> in the user's mailbox, it stays there, so that's how it works now. At >> any rate, deleting a message from the mailbox, which the user may have >> already seen doesn't offer any more security. A user also doesn't see >> messages in his/her mailbox, which were sent before he was added to >> the pool. >> >> The interesting part is what happens if a pool has been removed and >> whether it should be possible at all. This could pose a security >> problem if an impostor creates a pool with the same name (similar to >> what might happen with a deleted user account) >> > > > > -- > Global R&D Center,Shanghai China,Carestream Health, Inc. > Tel:(86-21)3852 6101 >
