[Mailman-Users] Re: cleartext passwords

Dan Wilder dan at ssc.com
Mon Oct 2 21:10:25 CEST 2000 

On Mon, Oct 02, 2000 at 11:48:13AM -0700, J C Lawrence wrote:
> That said, I'm not fond of Mailman's current setup.  What I'd
> prefer:
> 
>   -- List commands generate an email response which contains a
>      confirm token (reply to this to make it happen) AND a custom
>      URL (got to this page to make it happen).  The user gets to
>      choose which he wants.
> 
>   -- Web-originated commands (subscribe, unsubscribe, settings etc)
>      are exactly the same.  They reply with a confirm message just
>      like the above UNLESS they are additionally authenticated with
>      a previously established password.
> 
>   -- It would be nice if the account/password relastionship were
>      abstracted, so tha things like LDAP could be plugged in.  Not a 
>      requirement tho.
> 
> This of course makes all changes a two step affair (change then
> confirm).  To achieve the one step business you can then use the
> normal password business as Mailman does it now.

That sounds MUCH better to me than the present arrangement.

The two-step process also eliminates the standard bugaboo of anything
that accepts email addresses from web forms: people who can't type,
or don't know their own email address.  I can't think how much time
I've spent unsubscribing users who don't exist from Majordomo lists.

If they don't get on the list until they respond to the confirming
email, and the confirming email goes into the bitbucket, then the
list admin doesn't have to do anything about getting 'em off the list.

> What's this mean?  For 90% of operations no passwords are required,
> nothing needs to be remembered or tracked by users, and everybody
> sleeps comfortably.  For the odd guy who is on the road away from
> his normal accounts or who is facile enough to know exactly what he
> wants and how to do it, well, he can remember and use his password.

Now if there were a way (well maybe there is by now, please pardon
the noise if so) to turn off password reminders.  I hate to take
up internet bandwidth, and annoy our users, with several tens of 
thousands of emails per month that nobody's going to make any use
of whatsoever.

-----------------------------------------------------------------
 Dan Wilder <dan at ssc.com>
 SSC, Inc. P.O. Box 55549             Phone:  206-782-7733 x123
 Seattle, WA  98155-0549              URL     http://www.ssc.com/
-----------------------------------------------------------------

More information about the Mailman-Users mailing list