[Mailman-Users] member_posting_only=yes problem
Chuq Von Rospach
chuqui at plaidworks.com
Thu Nov 9 18:37:56 CET 2000
At 11:48 AM -0500 11/9/00, Barry A. Warsaw wrote:
>The /real/ solution is to extend the notion of membership to a person
>instead of an email address. This is all dependent on the Real User
>Database, but the quick sketch is that you'd be able to register
>yourself with the site and associate a number of email addresses with
>your name.
heh. I got a request for that this morning from a user... (grin)
> You could then do a lot of cool things like have different
>addresses subscribed to different lists as the primary recipient, use
>any of those addrs as `keys' to your account for login purposes,
Speaking of keys -- here's a thought. Rather than support lots of
email aliases, how about assigning (optionally) an access key to a
user. That key could be played in an X-Mailman-Key header, and would
uniquely ID a user from any account (it would have to be stripped on
the way through...), and ID into the user database. Might that make
it easier for the type of user who would be likely to do this kind of
thing?
>A short term solution (i.e. Mailman 2.1) may be to add an option that
>the list admin can turn on, which would add Reply-To: in the list of
>fields to use for the membership test. I'll add that to the TODO
>list.
I think I have issues with this -- but I'm having trouble
articulating them. I have to think this through and figure out if
there's a problem here, or if I merely think there is. But my issue
is that there is at least *some* authentication on the From line,
but no controls at all on Reply-to by users' MTAs. I really don't
like the idea of being able to set my From: to chuqui at plaidworks.com,
but tweak the reply-to to barry at wooz.org and be able to post to a
list I'm not subscribed to.
Oh -- I know one reason why it's a bad idea. What about lists with
Reply-to coerced? Mailman validates the address in the Reply-to for
posting, and then deletes it from the header, replacing it with its
own. (Does Mailman strip Reply-to when coercion isn't set? I don't
remember offhand.) You have a risk here of having someone who can
post to the list without any visible trace of their access point --
if you have a sneaky troll whacking at a list after being kicked out,
this will drive an admin crazy.
The security of the "From" line can be shaky, no question. But the
security of the reply-to is non-existent, and I just have issues
setting up a system that allows authentication off of it. This one
rings my alarm bells beyond what I just wrote, but I'm not sure why
yet. I just think it's a bad idea....
--
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)
Be just, and fear not.
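To make the concern in the message above concrete, here is an added example (not Mailman's code, not from the thread's authors) of a membership test that consults From: and Sender: and can optionally be told to consult Reply-To: as well, followed by a reply-to coercion step that records which header authorized the post before rewriting it, so the trace the message worries about survives in the archived copy. The addresses, the X-List-Authorized-By header name and all function names are constructed for illustration.

```python
"""Membership test over sender headers, plus reply-to coercion that keeps
an audit trace. Added example; names and addresses are constructed."""
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed roster of subscribed addresses, lowercased for matching.
MEMBERS = {"barry@example.org", "chuqui@example.com"}


def candidate_senders(msg, include_reply_to=False):
    """Return (header, address) pairs a membership test would consult.
    From: and Sender: get at least some scrutiny from the poster's MTA;
    Reply-To: is entirely under the poster's control, so it is only
    consulted when the list explicitly opts in."""
    fields = ["From", "Sender"] + (["Reply-To"] if include_reply_to else [])
    found = []
    for field in fields:
        for _name, addr in getaddresses(msg.get_all(field, [])):
            if addr:
                found.append((field, addr.lower()))
    return found


def membership_test(msg, members=MEMBERS, include_reply_to=False):
    """Return the (header, address) pair that authorized the post, or None.
    With include_reply_to=True a non-member whose Reply-To: names a member
    passes, which is exactly the weakness the thread points out."""
    for field, addr in candidate_senders(msg, include_reply_to):
        if addr in members:
            return field, addr
    return None


def coerce_reply_to(msg, list_addr, authorized):
    """Rewrite Reply-To: to the list address, as a reply-to-coercing list
    does, but first record which header and address authorized the post
    so the admin can still see the access point after the rewrite."""
    if authorized:
        msg["X-List-Authorized-By"] = f"{authorized[0]}: {authorized[1]}"
    del msg["Reply-To"]  # no error if the header is absent
    msg["Reply-To"] = list_addr
    return msg


def build_msg(from_addr, reply_to=None):
    """Constructed sample message for the checks below."""
    msg = EmailMessage()
    msg["From"] = from_addr
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["Subject"] = "test"
    msg.set_content("hello")
    return msg
```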