• r

    rp

    9 months ago
    hmmm. And then how would the system know that susan.smith@gmail.com is actually the same person as susan.jones@gmail.com?
  • r

    rp

    9 months ago
    Cause their google userId would be the same?
  • i

    infrequent_emu

    9 months ago
    it depends, a lot of times they just trust that the token is one time use to set up an account that gets added to the group and doesn't check anything
  • i

    infrequent_emu

    9 months ago
    with google auth, you can pull their profileId and aliases
  • i

    infrequent_emu

    9 months ago
    that doesn't catch susan.smith+dontspamme@gmail.com though
  • r

    rp

    9 months ago
    it depends, a lot of times they just trust that the token is one time use to set up an account that gets added to the group and doesn't check anything Hmm.. without checking anything would be a security issue, unless the signed up email is verified separately during sign up
  • i

    infrequent_emu

    9 months ago
    but when the PM says it just needs to work.... yeah... I'm not saying its right, I'm saying its common
  • r

    rp

    9 months ago
    fair enough
  • r

    rp

    9 months ago
    We don't really provide an invite system atm. But when we do, we shall keep this in mind 🙂
  • i

    infrequent_emu

    9 months ago
    Is it obvious how stuff like this is a good surface for spear phishing if done incorrectly?