[Mailman-Developers] sender-based authorisation
Barry Warsaw
barry at python.org
Sat May 20 18:30:30 CEST 2006
On Fri, 2006-05-19 at 15:21 -0700, Mark Sapiro wrote:
> We definitely want to move towards a single 'user identity/account' per
> person per site with a single authorization and multiple email
> addresses and subscriptions. Quoting from the todo list
> <http://www.list.org/todo.html>
Yes, this is definitely on the list!
> In the mean time, I think you could accomplish much of what you want
> with a custom handler. It would need to have access to a user file
> which defined the user's capabilities and posting password, but it
> would be simple for it to then use some feature of the message to
> validate the poster, remove the secret information and set the
> approved flag in the message metadata (not the Approved: header, but
> the flag that the Approved header causes to be set.)
Another possibility is to extend Approve.py to accept multiple Approved:
headers. This would be fairly easy: you need to use Message.get_all()
and loop through every header value you found. You'd probably also want
to extend the body search to accept multiple Approved lines as the first
in a text/plain part. Additionally, you'd probably want to put some
mm_cfg.py defined maximum number of headers to accept to cut down on
trolling for passwords.
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20060520/ff782c0e/attachment.pgp
More information about the Mailman-Developers
mailing list