[Mailman-Users] Security

[Brad Knowles]

At 2:58 AM -0700 2004-08-11, zzizzle at zzizzle.com wrote:

>  Is anyone aware of the safety/vulnerability of these lists?  Are
>  these appropriate to use for kids?

	It depends on how much security you want/need.  Even if you run a 
closed list, anyone can spoof the sender address of a subscribed 
user, and get their messages through.  There is no way of adding 
cryptographic authentication features that could help ensure that 
only the real subscribed users can post to the list.

	Likewise, there are limited facilities for hiding the identity of 
posters, especially from each other.

	Unless you want to moderate each and every post, there are 
limited facilities at your disposal to prevent "inappropriate" 
content from being posted.

	Unless you go out of your way to SSL-secure the entire Mailman 
portion of the website, anyone can sniff the passwords going across 
the network, since they are sent in cleartext.


	In short, the security available to you is about the same as 
keeping a spare key under the mat in front of your door.  Anyone who 
knows to look there can get into your house in a heartbeat.  Anyone 
else would have to pick the lock or find some other way in, such as 
an unlocked or open window, or a sliding glass door.

	Most of the locks that people have on their doors are easily 
picked in a few seconds by a person with the right tools and 
knowledge.  Same with all the other methods of entry.


	Just how much security do you think you want/need?

-- 
Brad Knowles, <brad.knowles at skynet.be>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.