At present, we get to control the bulk of the content of the email
messages generated for password requests, but I'd *really* like to be
able to add the time and IP address of the password request.
It could be implemented as simply as adding one or two additional
attributes to the send_password action in the API. On the OpenSRS side,
invalid IP data could be nulled or zeroed, and in a perfect world, we
could specify a paragraph in the password email which would contain one
block of text if valid data was provided, and a different text if the
API data was not valid.
One issue I see with this is that the data could potentially be spoofed
by less-than-honest RSPs, but the advantages of throwing investigations
off track would be minimal, so I don't see this as a big risk.
What do people think? Would your customers appreciate being able to
find out where a phantom password request originated?
What does OpenSRS think? Would this be too much work to implement? I
imagine the programming effort would be pretty straightforward -- the
biggest challenge would likely be coming up with a sensible user
interface to allow RSPs to configure it with the minimal number of
support requests.
--
Paul Chvostek <paul@it.ca>
Operations / Abuse / Whatever +1 416 598-0000
it.canada - hosting and development http://www.it.ca/
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:28 EDT