[Mailman-Developers] privacy problems with web interface

Peter W peterw@usa.net
Fri, 12 Oct 2001 20:33:11 -0400

On Thu, Oct 11, 2001 at 06:54:04PM -0400, Barry A. Warsaw wrote:

> What we can do for MM2.1 is, if the subscriber list is not public,
> i.e. private_roster is not "Anyone", then if they attempt to subscribe
> an already subscribed address, we can show them a results page that
> looks no different whether they actually are subscribed or not.
> Then if they are subscribed, we'll send the user a message saying
> somebody tried to subscribe their address (should we email the admin
> too?).  If they aren't subscribed, then we'll do the normal routine.

I wouldn't bother the admin. It would be nice if the emails that 
mailman sends contained something like the Web client's IP address 
in the headers or message (maybe that already happens; I do not recall) 
in case some subscriber wants/needs to follow up on a request.

> (I need to make sure the web message you'd see is identical regardless
> of whether you're subscribed or not.  That's a little tricky, but
> doable.)

Sounds great.

> In MM2.1

> If the user is subscribed, and a url containing their email address is
> given, then they are presented with a page prompting only for their
> password.  If the email address is incorrect, or missing in the url,
> then they are prompted for both their address and password.
> This needs to change such that if private_roster is not "Anyone", then
> the same sets of prompts will be given regardless of whether the
> address is a member or not.

> This should avoid leaking any membership information.  I'll work on
> getting that into MM2.1.  Watch CVS.

Barry, this all sounds great. We'll be setting up a test machine this 
weekend just for testing out MM CVS code so we can track this and do what 
we can to help out (and also to work with Postfix and VERP). These changes 
will be much appreciated!