Require users to re-enter their password to delete a server

kmecpp

• 2019년 07월 20일 15:15
• 편집된 시간

Discord is open nearly all the time and there's basically no in-app safe guards for dangerous operations. For example, if I'm on my laptop and I leave it for a few moments anyone who knew what they were doing could easily and permanently delete all my Discord servers. This would be pretty catastrophic for anyone. Especially those with very large servers.

To address this, I suggest that after the user enters in the correct server name to confirm they are deleting the intended server, to also require them to re-enter their password to ensure they are the actual owner of the account as well.

23

• 

  Heck

  • 2019년 07월 21일 09:04

  If you have 2FA enabled it forces you to enter that
  Much more safe than just your password, as if you get phished and put in the 2FA code and someone else gets into your account. 2FA changes every 30 seconds and gets invalidated until the code refreshes

  1
• 

  gpf

  • 2019년 07월 26일 09:29

  i agree with @Heck.

  it would be beste to re-authenticate before server deletion.

   

  0

댓글을 남기려면 로그인하세요.