[Mailman-Developers] Mailman Usability
Terri Oda
terri at zone12.com
Fri Mar 4 22:09:28 CET 2005
On Mar 4, 2005, at 5:50 AM, Fil wrote:
> But I still find it too complex; we should get rid of the password
> thing.
> People just nedd to know where they can see more options.
I've been thinking a bunch about this since it was mentioned as a
security problem a while back, and the more I think about it, the more
I like the idea of not having passwords for regular users. (Or having
it possible for admins to disable passwords for regular users.)
I was thinking that it'd be best replaced with timed
email-authorization things, the way you can currently unsubscribe
without a password. I don't know how long the timeout on those things
are, but having it send you an email with a link to the archives or
your options seems feasible. Having the links only be valid for a
given time (say, an hour?) would reduce the threat of dictionary
attacks *and* mean that more users can figure out how to do things on
their own. ;)
Terri
More information about the Mailman-Developers
mailing list