[Mailman-Users] Passwords

Nigel Metheringham Nigel.Metheringham at dev.InTechnology.co.uk
Thu Jun 5 14:54:42 CEST 2003

On Wed, 2003-06-04 at 23:18, Derek Simkowiak wrote:
> 	Replace the "password reminder" email with a simple "confirmation" 
> email.  If you want to keep user options hidden then replace the 
> "Password Reminder" button with a "Email me my options page URL" button, 
> which emails the user a URL with an embedded cookie.

Its a password!
OK, it can be made time limited (how long though) and stuff like that,
but its still really a password :-)

I like the idea, except it needs to be expanded so that web access is
not required - you should be able to do this all by email too.

Maybe - if the installation handles VERP-like addressing - the cookie
can be made part of the sender address so a reply (from a sane MUA - we
aren't going to bend over backwards for the criminally insane here)
would be pre-authenticated - again with time limits and stuff (a day or
so is OK, a month isn't).   However if we do this sort of magic then we
need to handle the worst that stupid MTAs come up with for bounces.

[ Nigel Metheringham           Nigel.Metheringham at InTechnology.co.uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]

More information about the Mailman-Users mailing list