

Security vs. Convenience in Anyvite - sanj

I just saw this in an Anyvite message:<p>"Note: Please do not forward this email. Doing so will give other people access to your Anyvite account."<p>In looking at the URLs embedded in the email, it was clear that they have some hashes glued in there to allow the user to bypass the login.<p>I'm not trying to bust on Anyvite; I've considered a similar scheme myself.<p>But I ended up deciding that it was a bad idea.  Other opinions?
======
drm237
The message is a bit vague, but we chose that wording because it conveys the
point more succinctly than a complete explanation.

If someone forwards an email to a friend, that friend will be able to RSVP and
comment on behalf of the forwarding user, but they won't be able to
create/edit/cancel the event. All of the admin controls still require the
admin to login.

We chose this as a matter of convenience since most people will refuse to RSVP
anyway and if we required them to fill out a registration form first, we
wouldn't be any better than evite. As noodle mentioned, if someone can RSVP on
your behalf for a single event, it probably isn't the end of the world. It's
completely depending on the security requirements of your app.

------
jadence
Evite does the same thing. My friends and I frequently forward our invitations
around to each other with the note "If you're interested bump up my RSVP count
or add yourself with the 'invite more people' link on the right.

I think it's fine in this case for the added convenience of not having to
register/login. It's an invitation system not banking.

------
noodle
depends on the nature of the app. while probably a 'bad thing', i don't think
that someone maliciously gaining control of your anyvite account will ruin
you, so a convenience like this might be acceptable in the eyes of the
engineers.

