VCard access controls

Okay. Forgive the long response. vCard module is a brilliant profile feature, but would really shake things up by adding an extra measure of security for the user. There should be a module specific control mechanism in place to prevent random abuse extraction of critical data from a vCard download into an addressbook or distributed list to spam all Drupal users.

Whatever the access role, we must first protect the user's email address. We don't want all or nothing profile access. We want to make user profiles accessible to authenticated users because of community, but not all authenticated users are trustworthy. If we receive complaints from users reporting spam and abuse due to their membership, we have only ourselves to blame for not being proactive. Premium roles only would be assigned access to vCards. If we receive complaints of abuse by premium users then they only have themselves to blame for being permanently banned. On the other hand, we could simply make the user responsible for not setting their own control given by Admin.

Can you give a shot? vCard is a cool feature, but much too risky if all or nothing. Admin sets whether user can make vCard accessible and user can then specify whether vCard is accessible to public or certain groups, but vCard access control cannot be overridden by Admin.

Ultimately, we want to be certified by web authorities as "fairly safe".

Drupalgirl

Would still like tighter security for meeting certification for trust authorities. Consider earlier response and please reply.

Drupal Girl