[Mailman-Users] privacy problems with web interface

Federico Grau donfede at casagrau.org
Sat Sep 22 22:12:42 CEST 2001


We're running a 16K member mailing list on version 1.1
and running into a significant privacy issue regarding
membership management.

As distributed, Mailman makes it trivial to discover 
if a given address is in fact a subscriber. If you suspect
dev at null.com has joined a list, go to the user page and
enter his address to subscribe; you'll get back a revealing
reply 'You already belong, dummy'..

We initially yanked large chunks of html from the general list
information page, but that removes all web-based user options.

Our ideal outcome is a General List Info Page with two actions:

    No password section:
    Current users get passwords (if any) mailed; with the web page
    not saying if any address is subscribed or not. If not a
    subscriber, Mailman would send a "subscription confirmation"
    notice to the potential member. (This also alerts the 'victim'
    of potential abuse.)

    Password presented sections:
    Users w/ password see no feedback until after entering a valid ID
    and pw; i.e. both non-existent users and existing ones w/bad pw's
    are both met with "Sorry, wrong password" as in a *nix login.

We looked at modifying the html on the user pages but the python
module "handle_opts" seems hard-coded into giving revealing responses.
We also glanced at Mailman 2.0.6 but it seemed to offer the same

Has anyone else already looked into this issue, and proposed code to
solve it? We are considering writing a patch for "handle_opts" and and
submitting it but 1) don't want to fork the code, and 2) don't want
to duplicate/waste the effort.

David and Federico

More information about the Mailman-Users mailing list