28 Dec 2016, 08:10 AM   #34
brong

Representative of:
Fastmail.fm
Quote:
Originally Posted by jhollington
I think that's a logical way to handle that — especially for things that are not just non-reversible but may be critical to proper operation. Obviously as I noted earlier, anything under "Passwords & Security" should require more than just the base password, since that's kind of an open hole right now for keyloggers and malware to exploit. However, almost everything under the "Admin" section in the preferences should probably fall into that category, as messing with domains and aliases could have far-reaching consequences and may easily go unnoticed — consider something like a hacker updating an alias to add an external address so that they would get copies of all mail destined to that address, not to mention all of the malicious possibilities that could stem from unauthorized DNS record changes. Rules would also be another potentially dangerous attack vector that could easily go unnoticed by the typical user.
Yep, I got all that on the ticket I just created in our internal tracker.

Quote:
I think that's fair, but at the same time I think it also needs to be clear what the user is doing and what the timeout is — something along the lines of "You may want to think twice about doing this if you're on an untrusted computer" — since as we've already discussed a lot of these protections are as much for the novice user.
It has to be something that's easy to translate into lots of languages - one of the downsides of translating our interface into many languages is that it costs a lot to add any text anywhere!

I'm not going to speculate about the exact interface design, because I don't know what we'll do there, but I agree that it needs to be clear that you're enabling dangerous-stuff mode.

Quote:
However, I also think that the point that BritTim made about restricted administrative access for business and family account scenarios is valid as well. Although I realize that FastMail doesn't differentiate these in the same way that you folks used to, it doesn't remove the fact that there are scenarios where I might provide an account for a kid or an employee where I don't want them to have the flexibility to change certain settings. It's not uncommon in business environments to want to restrict forwarding rules or POP fetching, for example.
We already have that. There's a checkbox next to the user in the 'Settings' => 'Users' => 'Edit' screen called 'Admin'. If that's not checked, they can't change a bunch of settings.

Now forwarding rules and POP fetching aren't in what can be locked down right now. More fine-grained permission control is something on our radar for improving business tooling, and family will get the same features too.