[Mailman-Users] Re: cleartext passwords
Chuq Von Rospach
chuqui at plaidworks.com
Mon Oct 2 21:17:55 CEST 2000
At 11:48 AM -0700 10/2/00, J C Lawrence wrote:
> -- List commands generate an email response which contains a
> confirm token (reply to this to make it happen) AND a custom
> URL (go to this page to make it happen). The user gets to
> choose which he wants.
I like this.
> -- Web-originated commands (subscribe, unsubscribe, settings etc)
> are exactly the same. They reply with a confirm message just
> like the above UNLESS they are additionally authenticated with
> a previously established password.
I don't think you need the password here. Mailback validation is
fine, because it proves ownership (or at least access to) the email
address. If you're being attacked, and they can read your e-mail,
being subscribed to a mail list is the LEAST of your problems. No
sense making the mail list service more secure than your e-mail
account.
> -- It would be nice if the account/password relationship were
> abstracted, so that things like LDAP could be plugged in. Not a
> requirement tho.
yup. That's on my list somewhere, too.
> This of course makes all changes a two step affair (change then
> confirm). To achieve the one step business you can then use the
> normal password business as Mailman does it now.
For subscribes and the like, that's generally what you want (but have
the option of turning it off). The only place I wouldn't want it is
unsubs. Make that as trivially easy as you possibly can, because
there's no need to make it secure. Unsub attacks are basically
non-existent, especially compared to the struggles of the
naive-i-want-off-i-dont-care user.
--
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)
You seem a decent fellow. I hate to die.
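The two-step flow discussed above (command, then mailback with a confirm token that can be completed either by replying or by visiting a URL), as an added illustration that is not Mailman's code nor anything from this thread. It also models the per-command policy the reply argues for, with unsubscribe executing in one step. The class and function names, the 24-hour token lifetime, and the sample addresses are assumptions of this example.

```python
"""Constructed example of a mailback confirmation flow for list commands.

Not Mailman's code: an added illustration of the design discussed in the
thread. A pending command is stored under a random single-use token; the
requester completes it by replying to the confirmation mail (token in the
Subject) or by visiting a URL that carries the same token. PendingStore,
token_from_subject and the 24h expiry are assumptions of this example.
"""
import hmac
import secrets
import time

# Which commands need the second (confirm) step. Per the thread,
# unsubscribe is deliberately single-step.
REQUIRES_CONFIRM = {
    "subscribe": True,
    "set_options": True,
    "unsubscribe": False,
}

TOKEN_TTL_SECONDS = 24 * 3600  # assumed expiry window for a pending token


class PendingStore:
    """Holds unconfirmed commands keyed by their one-time token."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}   # token -> (address, action, expires_at)
        self.completed = []  # (address, action) pairs that were executed

    def request(self, address, action):
        """Handle a list command arriving by mail or web.

        Returns ("done", None) if executed immediately, or
        ("confirm", token) with the token to put in the mailback.
        """
        if action not in REQUIRES_CONFIRM:
            raise ValueError("unknown action: %r" % action)
        if not REQUIRES_CONFIRM[action]:
            self.completed.append((address, action))
            return "done", None
        token = secrets.token_urlsafe(24)  # 192 bits, kept server-side only
        self._pending[token] = (address, action, self._now() + TOKEN_TTL_SECONDS)
        return "confirm", token

    def confirmation_mail(self, token, list_addr, base_url):
        """Body of the mailback: the same token works by reply or by URL."""
        return (
            "Reply to %s with subject 'confirm %s'\n" % (list_addr, token)
            + "or visit %s/confirm/%s\n" % (base_url, token)
        )

    def confirm(self, presented_token):
        """Complete a pending command. Returns True on success.

        Tokens are single-use and expire. The comparison is constant-time
        so that lookup timing does not reveal a partially matching token.
        """
        match = None
        for token in list(self._pending):
            if hmac.compare_digest(token.encode(), presented_token.encode()):
                match = token
        if match is None:
            return False
        address, action, expires_at = self._pending.pop(match)  # consumed either way
        if self._now() > expires_at:
            return False
        self.completed.append((address, action))
        return True


def token_from_subject(subject):
    """Extract the token from a reply subject such as 'Re: confirm <token>'."""
    words = subject.split()
    for i, word in enumerate(words):
        if word.lower() == "confirm" and i + 1 < len(words):
            return words[i + 1]
    return None


if __name__ == "__main__":
    store = PendingStore()
    print(store.request("alice@example.org", "unsubscribe"))      # done at once
    status, tok = store.request("alice@example.org", "subscribe")  # needs confirm
    print(store.confirmation_mail(tok, "list-request@example.org",
                                  "https://lists.example.org"))
    print(store.confirm(token_from_subject("Re: confirm " + tok)))  # True
    print(store.confirm(tok))                                       # False: used
```

The token itself is the only secret: because it is random and stored server-side, ownership of (or access to) the mailbox is what proves the request, which is exactly the property the reply above relies on.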