[Mailman-Users] Security
Brad Knowles
brad.knowles at skynet.be
Wed Aug 11 13:23:48 CEST 2004
At 2:58 AM -0700 2004-08-11, zzizzle at zzizzle.com wrote:
> Is anyone aware of the safety/vulnerability of these lists? Are
> these appropriate to use for kids?
It depends on how much security you want/need. Even if you run a
closed list, anyone can spoof the sender address of a subscribed
user, and get their messages through. There is no way of adding
cryptographic authentication features that could help ensure that
only the real subscribed users can post to the list.
Likewise, there are limited facilities for hiding the identity of
posters, especially from each other.
Unless you want to moderate each and every post, there are
limited facilities at your disposal to prevent "inappropriate"
content from being posted.
Unless you go out of your way to SSL-secure the entire Mailman
portion of the website, anyone can sniff the passwords going across
the network, since they are sent in cleartext.
In short, the security available to you is about the same as
keeping a spare key under the mat in front of your door. Anyone who
knows to look there can get into your house in a heartbeat. Anyone
else would have to pick the lock or find some other way in, such as
an unlocked or open window, or a sliding glass door.
Most of the locks that people have on their doors are easily
picked in a few seconds by a person with the right tools and
knowledge. Same with all the other methods of entry.
Just how much security do you think you want/need?
--
Brad Knowles, <brad.knowles at skynet.be>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list