By Cristiano on Monday, 24 March 2014
Posted in Technical Issues
Replies 13
Security bug, after Account Activation Email Request

The user is required to confirm an activation email.

If the user changes their email after confirming it, they will again be a pending user and will receive another e-mail to activate the account.


Not doing so in EasySocial is a security flaw.
You mention V1.2.4 - is it available somewhere? or did you mean v1.2.3?
Monday, 24 March 2014 08:27
You mention V1.2.4 - is it available somewhere? or did you mean v1.2.3?


Yes, v1.2.3; I already fixed the title, thanks.
Monday, 24 March 2014 08:37
Cristiano wrote:

You mention V1.2.4 - is it available somewhere? or did you mean v1.2.3?


Yes, v1.2.3; I already fixed the title, thanks.


I thought I missed the location to get v1.2.4 - Mark and the team are probably fixing things reported and we might see another version soon. But for the most part v1.2.3 is very stable.
Monday, 24 March 2014 08:54
Mark,

Any news?
Tuesday, 25 March 2014 02:36
Hi,

Currently this is not the behaviour and we will see if we can add this in the future.
Tuesday, 25 March 2014 11:02
Hi,

Currently this is not the behaviour and we will see if we can add this in the future.


This is a major security breach.

Thank you
Tuesday, 25 March 2014 19:34
Hello Cristiano,

I am sorry, but I don't really see or understand the problem here. What do you actually mean by changing email and sending activation again? And how would this be a security breach? Can you please elaborate more on this?
Tuesday, 25 March 2014 23:37
Hello Cristiano,

I am sorry, but I don't really see or understand the problem here. What do you actually mean by changing email and sending activation again? And how would this be a security breach? Can you please elaborate more on this?


Hello Mark,

Sorry for my English.

Scenario:

In EasySocial:

A user creates an account. He is asked for an "Email Account Activation Request".

He clicks on the activation email and can use EasySocial.....

The user goes into "Edit Profile", modifies the original email, inserts a fake or third-party e-mail, and keeps using EasySocial to spam, commit crimes, etc. ...

A system that allows modification of the email without sending a new confirmation request is contrary to anti-spam law in Europe, the USA and Brazil.
Wednesday, 26 March 2014 04:52
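The scenario above contrasts two behaviours: overwriting the confirmed address as soon as it is edited, and holding the change until the new address is confirmed. As an added example, not EasySocial's or Joomla's code, here is a minimal Python model of both. The `Account` class, the `outbox` stand-in for a mailer, the function names and the 24-hour token lifetime are all assumptions of this example. The hardened flow keeps the confirmed address until the single-use token mailed to the new address is presented, and it also mails the old address so the account holder notices a change they did not make; `suspend_until_verified` models the "user becomes pending again" variant the opening post asks for.

```python
"""Added example (not EasySocial or Joomla code): e-mail change with and
without re-verification of the new address."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime of a confirmation token


@dataclass
class Account:
    username: str
    email: str                              # the confirmed, usable address
    active: bool = True
    pending_email: Optional[str] = None     # set while a change awaits confirmation
    pending_token: Optional[str] = None
    pending_expires: float = 0.0


# Constructed stand-in for the site's mailer: records (recipient, subject).
outbox: List[Tuple[str, str]] = []


def send_mail(to: str, subject: str) -> None:
    outbox.append((to, subject))


# --- Weak flow: the behaviour described in the thread --------------------
def change_email_unverified(acct: Account, new_email: str) -> None:
    """Overwrites the confirmed address at once; nobody proves they own new_email."""
    acct.email = new_email


# --- Hardened flow: confirm ownership of the new address first -------------
def request_email_change(acct: Account, new_email: str,
                         suspend_until_verified: bool = False,
                         now: Optional[float] = None) -> str:
    """Park new_email as pending and mail a single-use token to it.

    The confirmed address is untouched until confirm_email_change() succeeds.
    Returning the token here stands in for the link the mailer would send.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.pending_email = new_email
    acct.pending_token = token
    acct.pending_expires = now + TOKEN_TTL_SECONDS
    if suspend_until_verified:
        acct.active = False          # account goes back to "pending" status
    send_mail(new_email, "Confirm your new e-mail address")
    # Tell the still-confirmed address too, so an unauthorised change is noticed.
    send_mail(acct.email, "An e-mail change was requested on your account")
    return token


def confirm_email_change(acct: Account, token: str,
                         now: Optional[float] = None) -> bool:
    """Swap in the pending address if the token is current and matches."""
    now = time.time() if now is None else now
    if acct.pending_token is None or acct.pending_email is None:
        return False
    if now > acct.pending_expires:
        return False
    if not hmac.compare_digest(acct.pending_token.encode(), token.encode()):
        return False
    acct.email = acct.pending_email
    acct.pending_email = None
    acct.pending_token = None   # single use: the token cannot be replayed
    acct.pending_expires = 0.0
    acct.active = True
    return True


if __name__ == "__main__":
    user = Account("demo", "demo@example.invalid")
    tok = request_email_change(user, "new@example.invalid", suspend_until_verified=True)
    print("confirmed address still:", user.email, "| active:", user.active)
    print("confirmed:", confirm_email_change(user, tok), "| now:", user.email)
```

In the weak flow the account immediately sends notifications to an address its holder never proved they control; in the hardened flow a mistyped or third-party address never becomes the account's address, and a replayed or expired token is rejected.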
Cristiano wrote:

The system that allows modification of email without sending a new request for confirmation is contrary to anti spam law in Europe, USA, Brazil.


That's very new to me, "modification of email without sending a new request" (and I'm from Europe and deal with privacy and law related texts daily).
Could you paste here exactly which law you are referring to?

Most of the social networks (in the US, Europe, etc.) allow modifying the email without requiring another verification.
Wednesday, 26 March 2014 05:06
Hello Jozsef Simony,

You can find some references here:

http://www.lsoft.com/resources/optinlaws.asp

Please give it a try and change your email on Twitter, Facebook, LinkedIn and others ...
Wednesday, 26 March 2014 05:15
Cristiano wrote:

You can find some references here:

http://www.lsoft.com/resources/optinlaws.asp

Please give it a try and change your email on Twitter, Facebook, LinkedIn and others ...


Dear Cristiano,

These laws are for marketing messages, not for user-requested communication. Every user still has the option to choose their alert preferences... notifications are not marketing messages. It's your responsibility to keep spammers out of your site (you have several tools for that... complex registrations with captcha codes, user groups, point systems, etc.)

I see your point regarding the option to make email change tied to a new verification BUT I'd definitely disable this on my sites.
Wednesday, 26 March 2014 05:33
I agree with Cristiano...
But does Joomla ask for reactivation or not?

I would think Joomla would implement it if it were that serious a security breach.

The whole point of having a valid email address is that the system can email you notifications and such.
Wednesday, 26 March 2014 08:17
I think you guys are misusing the term "security breach". A security breach simply means that one could bypass the access controls on the site by performing specific actions. This is merely about changing an e-mail address, and even Joomla does not do this. A user is allowed to edit their email address even after they have registered.

If your case is about users changing their email, you can simply disallow users from editing their e-mail address.
Wednesday, 26 March 2014 11:58