[Mailman-Users] Passwords
Nigel Metheringham
Nigel.Metheringham at dev.InTechnology.co.uk
Thu Jun 5 14:54:42 CEST 2003
On Wed, 2003-06-04 at 23:18, Derek Simkowiak wrote:
> Replace the "password reminder" email with a simple "confirmation"
> email. If you want to keep user options hidden then replace the
> "Password Reminder" button with a "Email me my options page URL" button,
> which emails the user a URL with an embedded cookie.
Its a password!
OK, it can be made time limited (how long though) and stuff like that,
but its still really a password :-)
I like the idea, except it needs to be expanded so that web access is
not required - you should be able to do this all by email too.
Maybe - if the installation handles VERP-like addressing - the cookie
can be made part of the sender address so a reply (from a sane MUA - we
aren't going to bend over backwards for the criminally insane here)
would be pre-authenticated - again with time limits and stuff (a day or
so is OK, a month isn't). However if we do this sort of magic then we
need to handle the worst that stupid MTAs come up with for bounces.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham at InTechnology.co.uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
More information about the Mailman-Users
mailing list