
Able to edit pages without confirming email address
Closed, Declined
Public

Description

Author: testingwithfire

Description:
I just created an account and supplied an email address (testbruno, testingwithfire at gmail dot com).

The account creation was successful and I was able to edit a page without ever checking my email for a confirmation notice.

I understand that this is expected behavior but I think that a confirmation email is an important security feature - I don't want somebody using my email address to be editing Wikipedia articles!


Version: unspecified
Severity: normal

Details

Reference
bz46957

Event Timeline

bzimport raised the priority of this task from to Needs Triage. (Nov 22 2014, 1:18 AM)
bzimport set Reference to bz46957.
bzimport added a subscriber: Unknown Object (MLST).

You only need to confirm your e-mail address to use e-mail related features, like receiving e-mail notifications or sending (and being able to receive) e-mail via Special:Emailuser.

And since e-mails for accounts need not be unique, even if somebody does provide your address in preferences, it won't be in any way visible to anyone but themselves, and it won't cause any issues until they confirm it (which they obviously couldn't do).