On input and uploading of user content

cbabcock at asciiking.com cbabcock at asciiking.com
Sat Nov 21 23:02:30 GMT 2020

Previous message (by thread): On input and uploading of user content
Next message (by thread): Regarding non-finite response bodies
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> (You can also check the email address against the email address from the user's certificate
> for validation)

You can offer the email address from the certificate as a default for the reader to confirm, refuse, or replace as linked to some notion of an account, but it's necessary to have explicit permission to link the identity of a user to that information... and you shouldn't make any positive assumption about user supplied data, including unsigned or self-signed certificates

Also, don't trust the "From" address in an email. Insist on end to end encryption if the content transmitted is actually sensitive. If the contents aren't actually sensitive, processing is reversible, and volume is sufficiently low, then you can use a token inserted in either the subject or the from address to transmit session information. In either case, a receipt is required for email transactions

Chris

Previous message (by thread): On input and uploading of user content
Next message (by thread): Regarding non-finite response bodies
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list