Comment by DreadLord64 on 19/09/2019 at 15:42 UTC

1 upvotes, 2 direct replies (showing 2)

I've noticed something. It seems that when I want to remove a reminder, the ID number that the bot provides is sequential. If this is the case, then a person could start sending remove commands to the bot in sequential order, deleting the reminders of other users. As I expect you can see, this would be really bad.

There's one solution to this without completely re-designating every single reminder with random strings as names rather than sequential strings, as I see it, and that is to require remove commands to be made by the owner of the reminder in order for the bot to actually remove the reminder, which, I admit, you may (and hopefully) have done already.

Replies

Comment by s_i_m_s at 19/09/2019 at 16:10 UTC

1 upvotes, 1 direct replies

Well it's pretty easy to test, here's the removal link to my next scheduled reminder. Send it from your side and i'll see if it's removed on mine. https://np.reddit.com/message/compose/?to=RemindMeBot&subject=Remove&message=Remove%21%20231370

Comment by Watchful1 at 19/09/2019 at 16:59 UTC

1 upvotes, 2 direct replies

It should already return an error message if you don't own the reminder.