Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2008 23:42:59 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: wiki - e-mail address obfuscation

I wrote:
> ... it only
> obfuscates e-mail addresses it recognizes - not anything with an @-sign.
> So we need to be very careful about this - e-mail addresses must be
> entered as <user@...mple.org> - with the angle brackets.
...
> As to page source, I've disabled the view source / export raw feature.

I just found another issue: it is possible to "show differences to
current version" without being logged in - and, of course, original
(non-obfuscated) e-mail addresses are seen in these source diffs.

Unless we come up with a way to address that (e.g., somehow disable this
feature for anonymous visitors), I'm afraid that we'll have to obfuscate
addresses manually prior to entering them into the wiki...

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.