[Mailman-Developers] RE: dont request passwords from web subscriber patch
Lee Weston
lee@ufojoe.com
Sun, 6 Feb 2000 20:02:00 -0500
Fri, 7 Jan 2000 14:58:16 +0100 (MET)
Fil fil@bok.net wrote:
>
>could the maintainers tell me if this patch is accepted or rejected ?
>Patch name : dont request passwords from web subscriber
I'm sorry to see no answer. I will be looking at adding it.
However I seems to me to be only half an answer. The other half is
allowing un-subscribe without password. If not you risk trapping silly
buggers as if you were fly paper.
An "only allow random password" mode would have the benifit of
substiantially raising the bar for writting cgi to raid / spam a site, by
making them parse email as well.
----------- ufojoe --------------------------------
50 Canadian Folk Festivals
http://www.interlog.com/~ufojoe/