[ZendTo] Re: Drop-off by request only - has anyone else wanted this?
Jules
Jules at Zend.To
Tue Feb 19 12:37:38 GMT 2013
You could just edit the main menu template and remove the "Dropoff"
button from the menu that's displayed to not-logged-in users. It's in
/opt/zendto/templates/main_menu.tpl. All your changes to that file will
survive future upgrades.
Jules.
On 01/02/2013 23:01, John Thurston wrote:
> I've been asked by one of my bosses if we can remove the uninvited drop
> off feature. That is, it won't matter if you can supply an email address
> and answer a captcha. The only way you can drop a file off is by
> invitation with a "request code". The concern is the ability of an
> arbitrary outsider to use a semi-trusted email vector for phishing attempts.
>
> I think it is a valid attack vector, but one which would be sufficiently
> slow and difficult to exploit that it doesn't concern me very much.
> However, I'm here to ask if anyone else has wanted or needed to disable
> this feature.
>
> (Or, is the joke on me and there already IS a way to disable this feature?)
>
>
> Jules
>
> --
> Julian Field MEng MBCS CITP CEng
>
> 'There is one thing stronger than all the armies in the world;
> and that is an idea whose time has come.'
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the ZendTo
mailing list