How to implement an Email Change Function?
Posted: Wed Jun 20, 2012 2:44 am
I am thinking about how to implement an email change function in light of the worst case scenario and how to revert it if it was malicious.
In light of people choosing the easiest possible password that I let them choose, I have to deal with a hacked account or a colleague using the logged in account to change the email just for fun.
If I change a customer's email, I have to deal with the possibility that I am handing over his account to someone else.
My approach is the following:
- I ask for the password again when the Email is changed
- I create 2 emails, one to the old address and one to the new. Both include a different hash. The one to the new is obvious as it is used for validation. The one to the old includes 2 links, one to finalize the change and one to deny the change in case of a malicious change request.
I change the email address on validation but I keep the possibility to reverse it if the user e.g. comes back from vacation and notices the problem.
Is this enough precaution or do I need more? I might be totally paranoid about this but I can think of a couple of scenarios where I might think that an automated email change system might be completely a bad idea ...
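The flow described in the post above, as an added sketch that is not part of the original post: a confirm token goes to the new address, a separate deny/revert token goes to the old address, and the old address can still undo the change after it was validated. The class and function names, the in-memory store and both lifetimes are assumptions, and the old-address "finalize" link is left out to keep the sketch short.

```python
import hashlib, hmac, secrets, time

CONFIRM_TTL = 24 * 3600        # assumed lifetime of the new-address confirm link
REVERT_TTL = 30 * 24 * 3600    # assumed window in which the old address can undo

def _digest(token):
    # Only digests are stored, so a leaked table cannot be replayed as links.
    return hashlib.sha256(token.encode()).hexdigest()

class EmailChange:                      # hypothetical service, in-memory store
    def __init__(self, accounts):
        self.accounts = accounts        # user_id -> current email
        self.pending = {}               # user_id -> change record

    def request(self, user_id, new_email, password_ok, now=None):
        """Returns (confirm_token, revert_token) to mail to new / old address."""
        if not password_ok:             # caller re-verified the password first
            raise PermissionError("password re-entry failed")
        now = time.time() if now is None else now
        confirm, revert = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.pending[user_id] = {
            "old": self.accounts[user_id], "new": new_email, "at": now,
            "confirm": _digest(confirm), "revert": _digest(revert),
            "state": "pending"}
        return confirm, revert

    def confirm(self, user_id, token, now=None):
        now = time.time() if now is None else now
        r = self.pending.get(user_id)
        if (r is None or r["state"] != "pending" or now - r["at"] > CONFIRM_TTL
                or not hmac.compare_digest(r["confirm"], _digest(token))):
            return False
        self.accounts[user_id] = r["new"]
        r["state"] = "changed"
        return True

    def revert(self, user_id, token, now=None):
        # Denies a pending request or reverses a completed one.
        now = time.time() if now is None else now
        r = self.pending.get(user_id)
        if (r is None or r["state"] == "reverted" or now - r["at"] > REVERT_TTL
                or not hmac.compare_digest(r["revert"], _digest(token))):
            return False
        self.accounts[user_id] = r["old"]
        r["state"] = "reverted"         # the confirm token is dead from here on
        return True
```
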