[Mailman-Developers] Re: [Mailman-Users] Any way users can unsubscribe without a password?

Jay R. Ashworth jra@baylink.com
Mon, 2 Apr 2001 01:46:27 -0400

On Mon, Apr 02, 2001 at 01:38:11AM -0400, Barry A. Warsaw wrote:
> While this isn't exactly password-less accounts, I think it
> accomplishes basically the same intent.  And it strikes a good balance
> between convenience and security.  It means in practice that a user
> can get removed from a list without having to remember their password
> (or how to get it!), and the two-step removal in that case isn't too
> onerous (since most MUAs I suspect would let them click directly on
> the URL in the mail message).

Two edged sword.

I'm trying to remember whose message it is, Slashdot's, I think, that
says "don't get your panties in a twist because we included your
password in clear".

This completely fails to take into account the "I use the same password
many places" people.

Getting the passwords out of the mail is a good thing... but mail is
*still* sniffable.  Depends how much security you want people to

-- jra
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 804 5015