6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
11/8/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#11376] Itip auto-accept requests
*
Your Email Address
*
Spam protection
Enter the letters below:
\ /.__ . .._..__. >< [__)|_/ | | | / \| | \_|_|__|
Comment
> A client would like to see auto-updating of the local calendar when a > confirmation itip message is received (and read) by the user. > Apparently, Gmail does this. > > I am not comfortable with this because this is the classic > "triggering an action via unauthenticated data" problem. The concern > is that because anybody can send a message accepting (if they have > the original invite data), there is no guarantee it is from the user > you originally sent the invite to. > > Example: I send an invitation to foo@example.com. However, > bar@example.com sends back an acceptance for foo@example.com. This > is a case where I know something is up/screwy, so I won't accept that > invitation and update foo@example.com's status. Granted, > bar@example.com will probably cover his tracks better (e.g. forging > the from address), but this still shows the problem with > auto-accepting. > > What do people think about this?
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers