[Mailman-Users] mischief: Login failure with private rosters

Jim Popovitch jimpop at yahoo.com
Tue Mar 14 15:19:56 CET 2006


Mark Sapiro wrote:
> This is a normal message. It probably should specify the list but it
> doesn't. It has nothing to do with public/private archives. It has to
> do with whether the membership roster is available to anyone or not.
> I.e., the Privacy options...->Subscription rules->private_roster
> setting. If the roster is not available to anyone, we are concerned
> about invalid login attempts to the options page.
> 
> If, for example, we just said 'invalid password' to the user who
> attempts to login with a bad password, someone could use that response
> to verify whether or not an address was subscribed to the list, thus
> at least partially defeating the privacy of the membership list, so we
> just tell the user the login is unsuccessful, but not why, and we log
> the event in 'mischief' in case it is really part of an attempt to
> probe the membership list.
> 
> In most cases, these log entries are really legitimate options page
> login attempts by members who forgot or mistyped their password.

Hi Mark,

Thank you.  I see the error was on my lack of clearly reading the error 
message.  ;-)

Thanks,

-Jim P.
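
The behaviour Mark describes above, as an added sketch that is not part of the original message and is not Mailman's own code: with a private roster, an unknown address and a wrong password get the same response, and the attempt is logged. The `MailingList` class, `options_login`, the response strings and the sample data are assumptions made up for illustration; the log entry also names the list, which Mark notes the real message does not.

```python
import hmac
import logging

mischief = logging.getLogger("mischief")  # stand-in for the 'mischief' log

GENERIC_FAILURE = "Authentication failed."  # constructed wording


class MailingList:
    """Hypothetical list model; not Mailman's own class."""

    def __init__(self, name, private_roster, members):
        self.name = name
        self.private_roster = private_roster  # True: roster hidden from outsiders
        self.members = members  # address -> password (constructed sample data)


def options_login(mlist, address, password):
    """Return (ok, message_shown_to_user) for an options-page login attempt."""
    stored = mlist.members.get(address.lower())
    # Run the comparison even for non-members so both failure paths do the
    # same work; compare_digest avoids an early-exit string comparison.
    matches = hmac.compare_digest((stored or "").encode(), password.encode())
    if stored is not None and matches:
        return True, "Logged in."
    if mlist.private_roster:
        # Same text whether the address is unknown or the password is wrong,
        # so the response cannot confirm a subscription. %r escapes control
        # characters in the attacker-supplied address before it hits the log.
        mischief.warning("Login failure with private rosters: list=%s user=%r",
                         mlist.name, address)
        return False, GENERIC_FAILURE
    # Roster is visible to anyone, so a specific reason leaks nothing new.
    reason = "Invalid password." if stored is not None else "No such member."
    return False, reason


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    staff = MailingList("staff", True, {"alice@example.org": "s3cret"})
    print(options_login(staff, "alice@example.org", "wrong"))
    print(options_login(staff, "nobody@example.org", "wrong"))
```
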



