CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.




Author Topic: Checksum token - profile edits also in forwarded emails?  (Read 746 times)

DenisD

Checksum token - profile edits also in forwarded emails?
September 09, 2010, 05:13:22 am
Dear All,

I just noticed that the checksum token for profile edits also works in forwarded emails. This is not optimal as the recipients of these mailings can modify the profile of the sender of the forward. Have I overlooked something, or is this a (known) problem that should be fixed?

Thank you for any ideas on how to resolve this issue.

Denis

Dave Greenberg

  • Administrator
Re: Checksum token - profile edits also in forwarded emails?
September 09, 2010, 03:51:16 pm
I'm not aware of any mechanism we can use to prevent the URL from "working" if the user forwards the email to someone else. If you are including checksum links in emails that are likely to be forwarded - you may want to add "Do not forward..." text to them.

For online event registration, the folks at Tech to the People contributed code which puts up a message similar to what you might see on a shopping cart application - which welcomes the person AND allows them to click a link to say they are NOT that person. Screenshot attached.

You might consider contributing something similar for checksum-based profile editing. The "Not" link would probably reload the profile in "create" mode (minus the checksum hash portion of the URL).


DenisD

Re: Checksum token - profile edits also in forwarded emails?
September 16, 2010, 06:47:53 am
Thanks Dave,

I had never thought about the problem with the forwarding before, but it seems that this is a standard issue with other comparable systems (I just checked a couple of newsletters that I receive with "modify profile" functionalities and these links all remain active when forwarded). I guess possible misuse will be limited as the checksum token is only valid for one week.

Thanks again for getting back to me so quickly.
Denis
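
The behaviour discussed in this thread, as an added example (not CiviCRM's code and not part of any post): a time-limited checksum is a bearer credential, so validation succeeds for whoever presents the link until it expires, and the "Not" link Dave describes is the same URL with the checksum removed. The HMAC construction, the key, the `id` and `cs` parameter names and the example.org URL are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET = b"constructed-demo-key"   # constructed sample key, not a real site key
WEEK = 7 * 24 * 3600               # one-week validity, as mentioned in the thread

def make_checksum(contact_id, issued, lifetime=WEEK):
    """HMAC over contact id, issue time and lifetime; the last two travel in clear."""
    msg = f"{contact_id}:{issued}:{lifetime}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{mac}_{issued}_{lifetime}"

def check_checksum(contact_id, token, now):
    """True if the token is authentic for contact_id and unexpired.
    No input identifies the presenter, so a forwarded link passes as well."""
    try:
        mac, issued, lifetime = token.split("_")
        issued, lifetime = int(issued), int(lifetime)
    except ValueError:
        return False                # malformed token
    expected = make_checksum(contact_id, issued, lifetime).split("_")[0]
    fresh = issued <= now < issued + lifetime
    return hmac.compare_digest(mac.encode(), expected.encode()) and fresh

def not_you_url(url, token_param="cs"):
    """Target for a "Not this person?" link: the same URL without the checksum."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != token_param]
    return urlunsplit(parts._replace(query=urlencode(kept)))

# Constructed sample: a profile link mailed to contact 42.
ISSUED = 1_284_000_000
TOKEN = make_checksum(42, ISSUED)
LINK = f"https://example.org/profile/edit?gid=1&id=42&cs={TOKEN}"

if __name__ == "__main__":
    print("one hour after sending:", check_checksum(42, TOKEN, ISSUED + 3600))
    print("eight days after sending:", check_checksum(42, TOKEN, ISSUED + 8 * 86400))
    print("Not-you link:", not_you_url(LINK))
```

Because the lifetime is covered by the MAC, editing it in the URL invalidates the token; expiry is the only property that limits how long a forwarded copy keeps working.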


This forum was archived on 2017-11-26.