[Mailman-Developers] Hashing member passwords in config.pck
Mark Sapiro
msapiro at value.net
Sat Feb 12 18:50:48 CET 2005
Adrian Bye wrote:
>> On Sat, 2005-02-12 at 05:33, Thomas Hochstein wrote:
>>
>> > I don't think so. I'd prefer to change options
>> *immediately*, without
>> > having to wait until I get my mail (partly via UUCP).
>>
>> I agree.
>
>And without passwords, you don't have to. Instead of a password to access
>member options, you access it via the custom URL at the footer of every message.
>You can either save the URL in a password storage someplace, or just refer to an
>older message in your mail.
Which at a minimum would require personalization of all lists with its
attendant performance hit, plus this URL would have to contain the
equivalent of a password whether you call it that or not, thus
exposing it to compromise by including it in every mail.
I used to run some lists on Topica.com and they have an 'easy
unsubscribe' link at the bottom of every mail, and I am amazed at the
number of people who don't edit this out of mail they forward (and the
number who still don't know how to get off a list).
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Developers
mailing list