Be more careful about who gets "authority" privileges #427
Comments
Has this been closed because it has been fixed? Or because it's related to #41?
Because the UI makes it too easy to close things!
.ac.uk addresses are also a risk because students may be given [email protected]
Just to note we're dealing with a case on WhatDoTheyKnow at the moment where this would have helped. The user was able to use their
+1 This has understandably confused a poor Parish clerk today who was confused as to why WhatDoTheyKnow only offered the reply via WhatDoTheyKnow.com option to those with a googlemail address (the Parish council request address was @googlemail.com). On a very closely related point we should stop calculated home pages, e.g. googlemail.com. Do we need a list of exceptions? This could be assembled from a list of the most common domains used in request addresses, presumably after excluding .ac.uk/.nhs.uk/gov.uk then hotmail / aol / gmail / outlook would come top and we could treat the latter specially?
I've split this into #6434 as it's definitely an issue in its own right - and it's one that is a nuisance not only for Alaveteli admins, but for re-users of our data.
We now list over 8000 parish councils on WDTK. Many (1000s) have gmail, hotmail, outlook, btinternet, etc. email addresses.
This issue has been automatically closed due to a lack of discussion or resolution for over 12 months.
Currently anyone with an email address @ the same domain as the FOI address can do special things on behalf of the authority. This goes wrong for small councils that use personal email accounts instead of having their own domain - e.g. anyone @gmail.com could upload to some councils.
This will also become more of a risk if and when we open up more features to the authority.
A few ideas for fixing this
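The domain-match rule described in the issue, beside a stricter check that uses an exceptions list built from the most common request-address domains, as one comment suggests. This is an added example in Ruby, not part of the issue thread or of Alaveteli's code; the method names, the threshold, the exact-address policy for shared domains and all addresses are assumptions constructed for illustration.

```ruby
# Added illustration, not Alaveteli code; every name and address is constructed.
require 'set'

# Lower-cased domain of an address, or nil if it is not of the form local@domain.
def email_domain(address)
  parts = address.to_s.strip.downcase.split('@', -1)
  parts.length == 2 && parts.none?(&:empty?) ? parts[1] : nil
end

# Domains found in the request address of `threshold` or more bodies are
# treated as shared mail providers, not as belonging to any one authority.
def shared_domains(request_addresses, threshold: 2)
  counts = request_addresses.filter_map { |a| email_domain(a) }.tally
  counts.select { |_, n| n >= threshold }.keys.to_set
end

# The rule the issue describes: same domain as the FOI address is enough.
def naive_authority?(user_email, request_email)
  domain = email_domain(user_email)
  !domain.nil? && domain == email_domain(request_email)
end

# Assumed stricter policy: on a shared domain only the request address itself
# qualifies; on a domain used by a single body the domain match still applies.
def authority_user?(user_email, request_email, shared)
  return false unless naive_authority?(user_email, request_email)
  return true unless shared.include?(email_domain(user_email))

  user_email.strip.casecmp?(request_email.strip)
end

# Constructed request addresses for five hypothetical bodies.
REQUEST_ADDRESSES = %w[
  clerk.exampleparish@gmail.com
  samplevillage.clerk@gmail.com
  testtown.pc@btinternet.com
  othertown.clerk@btinternet.com
  foi@borough.example
].freeze

SHARED = shared_domains(REQUEST_ADDRESSES)
```

A frequency-derived list does not cover the .ac.uk case raised in the comments, where students hold addresses on the institution's own domain.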