I like the idea of sending emails when important account settings are changed: it helps with: - cross site attacks - apis that permit changing such settings - screen scraping via embedded browser instances
and possibly more. Its also nonintrusive and straightforward, and we could include a confirmation token in the email people get sent too, if we felt thats needed. That is: LP.me.addSSHKey(...) -> email sent <-202 ACCEPTED (please check your email and confirm via the token link in it) Quickly shows the user 'please check email' User clicks in the email, ssh key is enabled / disabled. -Rob _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
