On 5-Apr-10, at 11:58 AM, John Albright wrote:
I understand your concerns about this feature, especially when it comes to security. I know that a feature like this has to be done carefully. I would appreciate it if you could give me some more feedback. Do I seem to be on the right track at all with my thoughts on it? Also, I'm interested to hear your thoughts on the security concerns you have. Maybe there is more to this than what I initially thought.

In your initial post, your top security concern seemed to be that other people could upload my posts as their own. In this case, you can't really stop that now. I have access to my DB; I could put whatever data into it I wanted.

The biggest security concern with this one that I see is moving subscribers. That is, I need to tell all the people who are following me not to follow me here anymore, but instead to follow me on some other arbitrary site as some other arbitrary user.

This is the biggest concern, because now we aren't dealing with our account, or our data, on either site, but rather directing arbitrary accounts to follow people, or stop following people, possibly without their interaction.

This is the bit that needs the most care and most security, in my opinion.
_______________________________________________
StatusNet-dev mailing list
http://lists.status.net/mailman/listinfo/statusnet-dev