On Sat, 10 Jul 1999, Stephen Modena wrote:
Phil--
From MindSpring, I change my "return address" inside of Eudora to "shimshon@theporch.com". Then I sent a "who" request to test-request. I succeeded in mailing the list of subscribers to shimshon@thePorch.com.
I did the same thing giving "ab4el@MindSpring.com" and it explicitly refused me because I am not a subscriber.
That is yet another setting. I can set the list to show the subscription list to anyone, to list subscribers or only to the list admin.
My suggestion is: these sort of things should require the "password=<>" on the same line as the request. If I am a legitimate subscriber, I can punch the HTML button to get my password mailed to me...it's not like I have to keep it on a post and would be an inconvenient imposition to require that parameter as part of the request.
I think it is the way it is to accomidate the different privacy settings. If I had set the list up where the subscribers were veiwable to anyone who had not set themselves as hidden, then it would not make sense to have the password. I would guess it would be relatively easy to check the list settings and if it was restricted, it would require a password.
Again, I'll forward this to the mailman-developer list.
Now for a positive comment: I switch my password to a pass phrase and it took it...and it can use it from the HTML page. I'm about to try it in an email.
-- 73/Steve/AB4EL shimshon@thePorch.thePorch.com QTH: Raleigh, NC
-- Phillip P. Porch <root@sco.theporch.com> NIC:PP1573 finger for http://www.theporch.com UTM - 16 514548E 3994397N PGP key Key fingerprint = F9 4D 41 7D 25 31 A5 1F 65 93 6B 84 A9 F9 5B 90
participants (1)
-
Phillip Porch