
Yeah it is kind of like authentication vs authorization when managing users. Just because a user is correctly logged in, does not mean that they should have access to something in the system. Just because a valid email is entered, does not mean that the person entering it is the owner of said email. Though these two concerns are often conflated!


And this could be abused. I sign up to a popular service with someone else's email address. I could be a nuisance and block them from signing up as themselves, even if it is temporary.
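A sketch of a signup flow that treats "valid address" and "owns the address" as separate checks, added here as an example and not part of the thread. The `Registry` class, its method names and the 15-minute lifetime are assumptions made for illustration; an address is reserved only after a token delivered to that mailbox is presented, so an unverified signup cannot block the real owner.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side signing key (constructed for the example)
TOKEN_TTL = 15 * 60               # assumed lifetime of an emailed link, in seconds


class Registry:
    """Hypothetical signup store: an address is reserved only once ownership is proven."""

    def __init__(self):
        self.verified = {}  # email -> account id that proved ownership
        self.pending = {}   # account id -> (email, expiry); reserves nothing

    def _sign(self, account_id, email, expiry):
        # Bind the token to the account, the address and the expiry time.
        msg = f"{account_id}|{email}|{expiry}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def sign_up(self, account_id, email, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        if email in self.verified:
            raise ValueError("address already verified by another account")
        expiry = int(now) + TOKEN_TTL
        # Several accounts may be pending for the same address at once.
        self.pending[account_id] = (email, expiry)
        # Returned here so the example runs offline; a real service would
        # send it only to the mailbox, never back to whoever typed the address.
        return self._sign(account_id, email, expiry)

    def confirm(self, account_id, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(account_id)
        if entry is None:
            return False
        email, expiry = entry
        if now > expiry or email in self.verified:
            return False
        expected = self._sign(account_id, email, expiry)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        self.verified[email] = account_id  # ownership proven: reserve the address
        del self.pending[account_id]
        return True
```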



