Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent someone from creating a billion inactive users #157

Open
alexgleason opened this issue May 17, 2018 · 0 comments
Open

Prevent someone from creating a billion inactive users #157

alexgleason opened this issue May 17, 2018 · 0 comments
Labels
bug

Comments

@alexgleason
Copy link
Contributor

Anyone can invite other users to manage their garden or plot by typing in their email address. This needs some limits, because:

  1. This actually creates a user profile in the database as a result. Maybe it shouldn't do this, and instead create an "Invitation" or something. Adding a bunch of empty users is not semantically helpful and it makes me nervous that it could be exploited somehow (since users are directly related to authorization).

  2. It sounds out an email to entered address, which could affect the reputation of gardenhub.io over time. We don't want anyone to consider this "spam".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexgleason