[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2008 23:42:59 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: wiki - e-mail address obfuscation
I wrote:
> ... it only
> obfuscates e-mail addresses it recognizes - not anything with an @-sign.
> So we need to be very careful about this - e-mail addresses must be
> entered as <user@...mple.org> - with the angle brackets.
...
> As to page source, I've disabled the view source / export raw feature.
I just found another issue: it is possible to "show differences to
current version" without being logged in - and, of course, original
(non-obfuscated) e-mail addresses are seen in these source diffs.
Unless we come up with a way to address that (e.g., somehow disable this
feature for anonymous visitors), I'm afraid that we'll have to obfuscate
addresses manually prior to entering them into the wiki...
Alexander
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
