Comments | suggestions: Suggestion

blaznasian29 in suggestions

Suggestion

Jan 15, 2008 17:11

Title
Suggestion

Short, concise description of the idea
Authorize access to a protected entry based on an individual's email address

Full description of the idea
I would like to suggest the idea of allowing a person without an LJ account, or an OpenID account to gain access to a friends-only entry via e-mail address.
An ordered list of benefits

-No ( Read more... )

entry viewing, security, security: non-member access, account types, § no status

Comments 31

worldserpent February 5 2008, 16:38:10 UTC

If you have their email address, why not just send them an email of the post? Or save an HTML copy of the post and email it to them as an attachment?

nakeisha February 5 2008, 16:49:13 UTC

I was wondering the same thing - it's certainly something I've done a few times.

worldserpent February 5 2008, 23:11:03 UTC

Indeed. Why do these suggestions about allowing all of these backdoor ways into LJ keep on coming up, when you can always just "save this web page as an HTML file" and send it to people?

They are also all premised on the idea that it is so hard to make an LJ account that it is an unbearable burden. Well, you can always make someone an account for them, and give them the username and pw. And why is that harder than using email?

blaznasian29 February 19 2008, 07:04:39 UTC

Why would you make a username and password to read something once, especially if you don't even use LiveJournal? That is a waste of a username and disk space for LJ.

Though the HTML copy is not a bad idea; I hadn't thought/known about that

Thread 8

mooism February 5 2008, 16:47:11 UTC

This sounds like it’s really two suggestions in one:

1. Ad hoc friends groups: If I want only Anna and Bob to be able to read my latest entry, and I’m not likely to want to make another post for only Anna and Bob, then I shouldn’t have to go through the hassle of creating a friends filter.

2. Let people login to read posts using their e-mail address rather than an LJ/OpenID account.

The first I approve of.

The second I’m not sure about. They’ll have to go through the password reset dance before they can read the entry, otherwise it won’t be at all secure. Would creating an LJ account really be less hassle?

mooism February 5 2008, 16:55:32 UTC

Would creating an LJ account really be less more hassle?

charliemc February 6 2008, 09:34:51 UTC

Would creating an LJ account really be less more hassle?

If someone wants to read something in an LJ badly enough, then they'll set up an account. Period.

blaznasian29 February 19 2008, 06:58:14 UTC

The first one sounds more like the idea I was trying to suggest.

And second, not everyone is willing to sit there and create an account. It's a bit of a turnoff ... most people, are impatient. If someone wanted me to read something that I needed to create an account for, and I didn't think it was of dire importance, then I think I would just forget about it. Or come back to it some other time...

pauamma February 5 2008, 16:53:33 UTC

There's no way to authenticate using an email address alone. (An email address is like a username - you need a password to go with it)

idonotlikepeas February 5 2008, 17:05:50 UTC

My guess is that the suggester is saying something like "let me enter e-mail address A, and then have the system e-mail them a URL with a code in it that lets them see the entry".

Which is kind of an interesting idea. Probably not worth the effort it would take to implement, and accounts are easy to make anyway, but it might also be neat as a promotional tool. Of course, there are also security implications with having URLs like that floating around out there...

azurelunatic February 5 2008, 17:17:46 UTC

Or overload the current e-mail-this-entry feature so that the journal owner, and the journal owner only, could choose to send the whole text of the entry, no matter the security level, to an e-mail recipient of their choosing. It would warn first, naturally.

ursamajor February 5 2008, 17:43:53 UTC

I could be potentially on board with this application of it, though I wouldn't be likely to use it myself, and it would probably make me be even more vigilant about having a secure and frequently-changed password to minimize the likelihood of an account break-in to abuse this function ...

Thread 8

(The comment has been removed)

azurelunatic February 5 2008, 19:54:34 UTC

So the authenticated, logged-in owner of that email address could then come in as an OpenID user?

So you'd have to change OpenID itself so it could authenticate based on email.

Currently, you put in a blog url, and it goes back to the parent blog site (or other compatible OpenID type service) and authenticates.

You'd have to make it so you could put in an email address, and it would either send a message with an "authorize here" link to that email address, or it would go out to the parent email provider (easier in the case of a webmail account with social networking side effects like Y!, harder in the case of someone who has their own domain and is being their own email server or is using the mail service of someone who doesn't do social networking login stuff) and translate the email address into the email provider's social networking login (provided their thing supports OpenID).

Or something.

(I'm sleep-depped; I may be missing some really obvious stuff and/or not making much sense.)

(The comment has been removed)

hakeber February 6 2008, 04:32:01 UTC

IAWTC

To big of a security hole.

blaznasian29 February 19 2008, 07:04:58 UTC

IAWTC?

azurelunatic February 19 2008, 12:14:38 UTC

Stands for "I Agree With [This/That] Comment".

Thread 11