[Mailman-Users] Re: cleartext passwords

Chuq Von Rospach chuqui at plaidworks.com
Mon Oct 2 21:17:55 CEST 2000


At 11:48 AM -0700 10/2/00, J C Lawrence wrote:

>   -- List commands generate an email response which contains a
>      confirm token (reply to this to make it happen) AND a custom
>      URL (go to this page to make it happen).  The user gets to
>      choose which he wants.

I like this.


>   -- Web-originated commands (subscribe, unsubscribe, settings etc)
>      are exactly the same.  They reply with a confirm message just
>      like the above UNLESS they are additionally authenticated with
>      a previously established password.

I don't think you need the password here. Mailback validation is 
fine, because it proves ownership (or at least access to) the email 
address. If you're being attacked, and they can read your e-mail, 
being subscribed to a mail list is the LEAST of your problems. No 
sense making the mail list service more secure than your e-mail 
account.

>   -- It would be nice if the account/password relationship were
>      abstracted, so that things like LDAP could be plugged in.  Not a
>      requirement tho.

yup. That's on my list somewhere, too.

>This of course makes all changes a two step affair (change then
>confirm).  To achieve the one step business you can then use the
>normal password business as Mailman does it now.

for subscribes and the like, that's generally what you want (but have 
the option of turning it off). The only place I wouldn't want it is 
unsubs. Make that as trivially easy as you possibly can, because 
there's no need to make it secure. Unsub attacks are basically 
non-existent, especially compared to the struggles of the 
naive-i-want-off-i-dont-care user.

-- 
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)

You seem a decent fellow. I hate to die.
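The two-channel confirmation scheme discussed in this thread (a mailed token that the user can either reply to or follow as a URL, proving control of the address), written out as an added example. This is not Mailman's code and not the poster's; the base URL, the 40-hex-digit token format, the three-day lifetime and the in-memory pending store are assumptions made for the example.

```python
import re
import secrets
import time
from typing import Optional, Tuple

# Pending confirmations, keyed by token -> (action, address, expiry).
# Constructed in-memory store for the example; a real list server would
# persist this with the rest of its list state.
_pending: dict = {}

# Actions that may be completed by mailback alone (no list password needed).
MAILBACK_ACTIONS = {"subscribe", "unsubscribe", "set-options"}

BASE_URL = "https://lists.example.invalid/confirm/"  # hypothetical confirm endpoint
TOKEN_RE = r"[0-9a-f]{40}"                            # 160 random bits, hex-encoded


def issue_confirmation(action: str, address: str,
                       ttl_seconds: int = 3 * 86400,
                       now: Optional[float] = None) -> dict:
    """Record a pending request and return both things to put in the mail:
    a subject line the user can simply reply to, and a URL they can visit."""
    if action not in MAILBACK_ACTIONS:
        raise ValueError(f"unsupported action: {action}")
    now = time.time() if now is None else now
    token = secrets.token_hex(20)  # unguessable; the address is bound server-side
    _pending[token] = (action, address.lower(), now + ttl_seconds)
    return {
        "token": token,
        "reply_subject": f"confirm {token}",
        "url": BASE_URL + token,
    }


def token_from_reply_subject(subject: str) -> Optional[str]:
    """Pull the token out of a mailed reply, tolerating 'Re:' prefixes."""
    m = re.search(r"confirm\s+(" + TOKEN_RE + r")", subject, re.IGNORECASE)
    return m.group(1) if m else None


def token_from_url(url: str) -> Optional[str]:
    """Accept the token only from our own confirm endpoint, nothing else."""
    if not url.startswith(BASE_URL):
        return None
    m = re.fullmatch(TOKEN_RE, url[len(BASE_URL):])
    return m.group(0) if m else None


def confirm(token: Optional[str], now: Optional[float] = None) -> Optional[Tuple[str, str]]:
    """Consume a token. Returns (action, address) on success, None if the token
    is unknown, already used, or expired. Either channel ends up here."""
    now = time.time() if now is None else now
    if token is None:
        return None
    entry = _pending.pop(token, None)  # single use: gone whether it succeeds or not
    if entry is None:
        return None
    action, address, expiry = entry
    if now > expiry:
        return None
    return (action, address)


if __name__ == "__main__":
    c = issue_confirmation("subscribe", "Alice@Example.org")
    print("mail subject:", c["reply_subject"])
    print("mail url:    ", c["url"])
    # Either channel works, and only once.
    print(confirm(token_from_reply_subject("Re: " + c["reply_subject"])))
    print(confirm(token_from_url(c["url"])))  # None: already consumed
```

Whichever channel the user picks, the same `confirm` path runs, so the two never diverge in what they check; the token is random rather than derived from the address, and the action and address are bound to it server-side so a token cannot be replayed for a different request.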



