You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: list

  • To: "Wilfried Woeber, UniVie/ACOnet" < >
  • From: Xander Jansen < >
  • Date: Thu, 12 Feb 1998 19:34:06 +0100 (CET)
  • Cc:

Wilfried,

On Thu, 12 Feb 1998, Wilfried Woeber, UniVie/ACOnet wrote:

+ >The only way to prevent most (but probably not all) forged subscriptions
+ >is the confirm mechanism but as James pointed out that too has problems
+ >but when choosing between two evils I would prefer a confirmation
+ >mechanism above the ease to subscribe local sublists. 
+ 
+   Why is the cookie confirmation an .XOR. for subscribing a local sublist?

It is not exactly an .XOR. but depending on the implementation of the
software the acknowledgement of the subscription has to come from specific
return-adresses and that can cause either some hacking or at least using a
mail client that sends out the ACK as coming from the sublist address. But
again, this depends on how the cookie-mechanism is implemented. I don't
know how majordomo does it but I guess there will be some checking on
adresses. If the only check is the returned cookie than I guess there is
no problem at all and the confirmation mechanism has no repercussions for
sublist-subscriptions. 

Xander






  • Post To The List:
  • Follow-Ups:
  • References:
    • Re: list
      • From: Wilfried Woeber, UniVie/ACOnet
<<< Chronological >>> Author    Subject <<< Threads >>>