[Mailman-Developers] Re: [Mailman-Users] Any way users can unsubscribe without a password?
Jay R. Ashworth
Mon, 2 Apr 2001 01:46:27 -0400
On Mon, Apr 02, 2001 at 01:38:11AM -0400, Barry A. Warsaw wrote:
> While this isn't exactly password-less accounts, I think it
> accomplishes basically the same intent. And it strikes a good balance
> between convenience and security. It means in practice that a user
> can get removed from a list without having to remember their password
> (or how to get it!), and the two-step removal in that case isn't too
> onerous (since most MUAs I suspect would let them click directly on
> the URL in the mail message).
Two edged sword.
I'm trying to remember whose message it is, Slashdot's, I think, that
says "don't get your panties in a twist because we included your
password in clear".
This completely fails to take into account the "I use the same password
many places" people.
Getting the passwords out of the mail is a good thing... but mail is
*still* sniffable. Depends how much security you want people to
Jay R. Ashworth firstname.lastname@example.org
Member of the Technical Staff Baylink
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015