User talk:Wookienz

Extension:EmailDomainCheck
Hi. Here's something I found re the above extension:

Even if you limit registration to a email addresses from a certain domain, the extension can easily be bypassed if: I discovered this a couple of weeks ago while playing around with it on my personal wiki but forgot about it until I began deleting some old extensions from it today.
 * A user creates an account with foo@required.com.
 * User does not confirm email address (so the email doesn't even have to be real).
 * User goes to preferences, changes email to whatever they want (such as their own email address), and confirms that one.
 * Afterwards, user can do whatever was previously restricted on the wiki.

I'm not sure if this is the desired behavior or whether this can be addressed through a simple patch, but currently it seems that the extension isn't much use to someone who has a few minutes to circumvent it.

Cheers,

Fetchcomms 22:31, 3 January 2012 (UTC)

Not sure if this is the place to reply...

I built this along time agao for a project that i dont use anymore, so unlikely i will update it. You are correct in your points, however i am comfortable with people using a specific email address and when verified can change to someting else. I just needed to ensure they were from a specific domain from the start. The email will need to be verified to ednrue that you cant fake an email address.

Cheers.