[Mailman-Developers] Authorization System in Core

[Ankush Sharma]

Hi Harshit,

Their is no authentication system(OAuth etc.) set up between core and
client for now. The client uses plain HTTP calls to communicate to the
core. So, anyone with the credentials can alter any such permissions in the
core. So, for now core and client should reside on the same host. So, I
guess it would be better to implement the permissions stuff on the
postorius side as others pointed out !

PS : I worked on the Node.js mailman client last year. You can refer it here
<https://gitlab.com/black-perl/mailman-client.js>.

Thanks !

Ankush Sharma
ECE IV
IIT-BHU
Varanasi-221005
http://black-perl.in
Linkedin <https://www.linkedin.com/in/ankushsharma003>

On Sun, May 22, 2016 at 3:20 AM, Harshit Bansal <harshitbansal2015 at gmail.com
> wrote:

> Hi,
> Earlier, while discussing the permission system for manging styles, it was
> decided that the permissions system should be enforced in the core rather
> than in the postorius since otherwise it can be bypassed(deliberately or
> undeliberately). But one thing that I think I forgot to discuss was that
> currently there is no authorisation system in the core and now I am unable
> to figure out that how could the permissions be enforced in the core
> without an authorisation system.
> Should I workout an authorisation system for the core first or enforce
> permissions in postorius only?
>
> Thanks,
> Harshit Bansal
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-developers/ankush.sharma.ece12%40itbhu.ac.in
>
> Security Policy: http://wiki.list.org/x/QIA9
>