User talk:Walkazo/Archive 16

green

Possible security hole question
I would usually post these types of questions on the Main Page, but for anti-troll reasons I'll post it here where there's somewhat less traffic. Earlier, I was messing around on the MarioWiki when I came upon this page. Obviously, I'm not testing it out, but it appears that could reset anyone's password (not just yourself), given that you know their username. Of course, the new password would be sent straight to the targeted user's email, but until the targeted user figures that out, they could potentially be locked out. Is this possible? --Andymii (talk) 23:02, 11 June 2015 (EDT)


 * Hmmm, strange. Testing it out on an old blocked sockpuppet, it spits back "There is no email address recorded for user "Noname1".", so maybe if there was an email, it'd work? idk, ask Porplemonage about it - he'll know better than me. - Walkazo 23:09, 11 June 2015 (EDT)

Okay, I'll do that. Thanks for your help. --Andymii (talk) 23:21, 11 June 2015 (EDT)

BTW, Steve responded. He said that the original password will still work. Ultimately, it just shows that you should never share your email address. (On a side note, 'Shroom email subscribers are able to see other subscriber's emails. This may or may not be an issue that you guys might want to look into.) --Andymii (talk) 15:44, 12 June 2015 (EDT)


 * That's good. The Shroom operates separately from the admins, but yeah, that does sound like a questionable practice and they should probably look into using the BCC function to avoid that, or something. Maybe let SMB know about your concerns. - Walkazo 15:57, 12 June 2015 (EDT)

Thanks. I'll ask him. --Andymii (talk) 15:58, 12 June 2015 (EDT)

Blue Lava Bubble proposal
I add a new option to my proposal. You can change your vote if you want.-- 15:44, 12 June 2015 (EDT)