
It seems like it would be nice to setup a method of confirmation for *approving* messages that uses a unique token instead of the list password; while (hopefully) in most cases, the moderator will be sending approval messages over SSL or from the same machine the list is on, it seems like a bad idea to make the confirmation token the list password (especially in case you accidentally add the 'Approved:' header to the wrong message, or in case someone spoofed a message appearing to be from Mailman in order to try and scam list passwords)....
How about generating a unique one time password and having people add this to the Approved: header? This would make it much harder for someone to accidentally disclose the list (or worse, site) password.

On Wed, 2003-02-05 at 17:39, Will Yardley wrote:
It seems like it would be nice to setup a method of confirmation for *approving* messages that uses a unique token instead of the list password;
I like this idea. Please add it to the SourceForge feature request tracker. I'm hoping that 2.1.2 will be stable enough that I can actually start working on the next version soon. I haven't decided whether it will be full-blown MM3.0 or a more modest 2.2 -- a feature like this could make it into either.
-Barry

On Sun, Apr 06, 2003 at 04:26:52PM -0400, Barry Warsaw wrote:
On Wed, 2003-02-05 at 17:39, Will Yardley wrote:
It seems like it would be nice to setup a method of confirmation for *approving* messages that uses a unique token instead of the list password;
I like this idea. Please add it to the SourceForge feature request tracker.
Done.... https://sourceforge.net/tracker/index.php?func=detail&aid=717113&gro...
participants (2)
-
Barry Warsaw
-
william+mm@hq.newdream.net