Re: [Mailman-Developers] Authorization System in Core
Hi Harshit,
Their is no authentication system(OAuth etc.) set up between core and client for now. The client uses plain HTTP calls to communicate to the core. So, anyone with the credentials can alter any such permissions in the core. So, for now core and client should reside on the same host. So, I guess it would be better to implement the permissions stuff on the postorius side as others pointed out !
PS : I worked on the Node.js mailman client last year. You can refer it here https://gitlab.com/black-perl/mailman-client.js.
Thanks !
Ankush Sharma ECE IV IIT-BHU Varanasi-221005 http://black-perl.in Linkedin https://www.linkedin.com/in/ankushsharma003
On Sun, May 22, 2016 at 3:20 AM, Harshit Bansal wrote: Hi,
Earlier, while discussing the permission system for manging styles, it was
decided that the permissions system should be enforced in the core rather
than in the postorius since otherwise it can be bypassed(deliberately or
undeliberately). But one thing that I think I forgot to discuss was that
currently there is no authorisation system in the core and now I am unable
to figure out that how could the permissions be enforced in the core
without an authorisation system.
Should I workout an authorisation system for the core first or enforce
permissions in postorius only? Thanks,
Harshit Bansal Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-developers/ankush.sharma.ece... Security Policy: http://wiki.list.org/x/QIA9
participants (1)
-
Ankush Sharma