
BLU Discuss list archive



Re: [OT] Do be careful with your commands...



 On Tue, Jan 01, 2008 at 03:56:01PM -0500, Dan Ritter wrote: 
> > I'm not familiar with ezmlm-idx - how does it do passwords more 
> > securely? 
> 
> By not using them. Administration is by command line; if you 
> have the right permissions, you can do it. 
> Subscription/unsubscription/user tools are all done by mail 
> messages which are confirmed by magic cookie strings in subject 
> or body -- no magic cookie response, no further action taken. 

So, in fact, it's no more secure than mailman.  Instead of mailing 
passwords (the secret used to authenticate you) it mails you a cookie 
(the secret used to authenticate you).  The only difference is it does 
it when you (or the person impersonating you) are asking for stuff, as 
opposed to once a month.  If I'm impersonating you, I'm much more 
likely to be listening when I'm making requests than on the magic day 
your reminder gets mailed to you, so it's arguably less secure, albeit 
not significantly (though cookies change every time, whereas you need 
to rotate passwords, so... whatever -- not a big difference in any 
event). 

I've used (managed) majordomo, majordomo2, mailman, at least one other 
that I don't recall (possibly ezmlm, but I'm not sure) as well as some 
home brew stuff at past jobs...  I've never seen a mailing list 
manager that didn't have (what I consider to be) shortcomings...  I 
don't really think any one is better than any other -- they're all 
just different about the things they're good at, and the things that 
are annoying, as far as I can tell. ;-) 

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02 
-=-=-=-=- 
This message is posted from an invalid address.  Replying to it will result in 
undeliverable mail due to spam prevention.  Sorry for the inconvenience. 
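
The confirm-by-cookie flow described in the quoted text, and the reply's point that the cookie is simply another mailed secret, can be seen in a short sketch. This is an added example, not part of either post and not ezmlm-idx's actual algorithm: the HMAC construction, key, lifetime, addresses and function names are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed server secret and lifetime; both are assumptions for this sketch.
SERVER_KEY = b"constructed-demo-key"
COOKIE_TTL = 3 * 24 * 3600  # seconds a confirmation request stays valid


def issue_cookie(action: str, address: str, now: int) -> str:
    """Return the 'timestamp.mac' string mailed to the address for one request."""
    msg = f"{action}|{address.lower()}|{now}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:20]
    return f"{now}.{mac}"


def confirm(action: str, address: str, cookie: str, now: int) -> bool:
    """Accept only a cookie issued for this action and address that has not
    expired. Nothing here checks who actually sent the reply."""
    try:
        issued_str, mac = cookie.split(".", 1)
        issued = int(issued_str)
    except ValueError:
        return False
    if not 0 <= now - issued <= COOKIE_TTL:
        return False
    expected = issue_cookie(action, address, issued).split(".", 1)[1]
    return hmac.compare_digest(mac.encode(), expected.encode())


def demo() -> dict:
    t0 = 1_199_221_000           # constructed timestamp
    alice = "alice@example.org"  # constructed address
    cookie = issue_cookie("unsubscribe", alice, t0)
    return {
        # The mailbox owner replies with the cookie.
        "owner_confirms": confirm("unsubscribe", alice, cookie, t0 + 60),
        # Anyone else who read that mail holds the same secret: same result.
        "mail_reader_confirms": confirm("unsubscribe", alice, cookie, t0 + 120),
        # Without access to the mail there is no valid cookie to send back.
        "guess_rejected": not confirm("unsubscribe", alice, f"{t0}.{'0' * 20}", t0 + 60),
        # Cookies are per request: wrong action, expiry, or a new request differ.
        "other_action_rejected": not confirm("subscribe", alice, cookie, t0 + 60),
        "expired_rejected": not confirm("unsubscribe", alice, cookie, t0 + COOKIE_TTL + 1),
        "fresh_each_time": issue_cookie("unsubscribe", alice, t0 + 1) != cookie,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

In this sketch the scheme's strength rests entirely on the confidentiality of the mailbox and the mail path, which is the same dependency a mailed password has; what changes is that each cookie is single-purpose and short-lived.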

 


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
