Denise (denise) wrote in dw_maintenance 2013-04-20 05:26 pm (UTC)

Yeah, we had to take out the ability to reply from the comment form no matter what account you were logged in as because it was a security hole: if you forwarded the notification to someone else, they could reply as you to that comment for the rest of eternity just by entering text in the form and hitting 'post'. (Which is why we had to design this so carefully, to prevent that situation -- now the only way someone can reply as you is IF you forward the email AND that person deliberately spoofs your address, and you can expire the token if that happens.) LJ decided the possibility of forwarding the email notification and someone trying to reply to it wasn't enough of a problem to worry about, though, so that possibility still exists there; if you use HTML emails on LJ, don't ever forward them to somebody else.
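
The two designs this comment contrasts, as an added sketch that is not Dreamwidth's or LJ's code: a reply check that trusts the token alone, beside one that also requires the sender address to match the account and lets the owner expire outstanding tokens. The token format, key, account table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from email.utils import parseaddr

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key lives in secret storage
# Constructed account record; bumping "epoch" expires every token issued so far.
ACCOUNTS = {"alice": {"email": "alice@example.org", "epoch": 1}}


def _mac(user, comment_id, epoch):
    msg = f"{user}|{comment_id}|{epoch}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(user, comment_id):
    """Token carried in the notification (hypothetical format)."""
    epoch = ACCOUNTS[user]["epoch"]
    return f"{user}.{comment_id}.{epoch}.{_mac(user, comment_id, epoch)}"


def check_token(token):
    """Return (user, comment_id) if the MAC verifies and the epoch is current."""
    parts = token.split(".")
    account = ACCOUNTS.get(parts[0])
    if len(parts) != 4 or account is None or parts[2] != str(account["epoch"]):
        return None
    if not hmac.compare_digest(parts[3].encode(), _mac(*parts[:3]).encode()):
        return None
    return parts[0], parts[1]


def reply_token_only(token):
    """Form-style check: whoever holds the notification can post as its owner."""
    return check_token(token) is not None


def reply_token_and_sender(token, from_header):
    """Email-style check: valid token AND From matches the owner's address."""
    parsed = check_token(token)
    if parsed is None:
        return False
    # From is not authenticated, so a forged address still passes; expiry covers that.
    sender = parseaddr(from_header)[1].lower()
    return sender == ACCOUNTS[parsed[0]]["email"]


def expire_tokens(user):
    """Owner-triggered revocation of all previously issued tokens."""
    ACCOUNTS[user]["epoch"] += 1
```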
