Date: Mon, 18 Feb 2008 23:42:59 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: wiki - e-mail address obfuscation I wrote: > ... it only > obfuscates e-mail addresses it recognizes - not anything with an @-sign. > So we need to be very careful about this - e-mail addresses must be > entered as <user@...mple.org> - with the angle brackets. ... > As to page source, I've disabled the view source / export raw feature. I just found another issue: it is possible to "show differences to current version" without being logged in - and, of course, original (non-obfuscated) e-mail addresses are seen in these source diffs. Unless we come up with a way to address that (e.g., somehow disable this feature for anonymous visitors), I'm afraid that we'll have to obfuscate addresses manually prior to entering them into the wiki... Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.