User talk:Wookienz

Extension:EmailDomainCheck
Hi. Here's something I found re the above extension:

Even if you limit registration to a email addresses from a certain domain, the extension can easily be bypassed if: I discovered this a couple of weeks ago while playing around with it on my personal wiki but forgot about it until I began deleting some old extensions from it today.
 * A user creates an account with foo@required.com.
 * User does not confirm email address (so the email doesn't even have to be real).
 * User goes to preferences, changes email to whatever they want (such as their own email address), and confirms that one.
 * Afterwards, user can do whatever was previously restricted on the wiki.

I'm not sure if this is the desired behavior or whether this can be addressed through a simple patch, but currently it seems that the extension isn't much use to someone who has a few minutes to circumvent it.

Cheers,

Fetchcomms 22:31, 3 January 2012 (UTC)