Re: list
- Date: Thu, 12 Feb 1998 19:34:06 +0100 (CET)
Wilfried,
On Thu, 12 Feb 1998, Wilfried Woeber, UniVie/ACOnet wrote:
+ >The only way to prevent most (but probably not all) forged subscriptions
+ >is the confirm mechanism but as James pointed out that too has problems
+ >but when choosing between two evils I would prefer a confirmation
+ >mechanism above the ease to subscribe local sublists.
+
+ Why is the cookie confirmation an .XOR. for subscribing a local sublist?
It is not exactly an .XOR. but depending on the implementation of the
software the acknowledgement of the subscription has to come from specific
return-adresses and that can cause either some hacking or at least using a
mail client that sends out the ACK as coming from the sublist address. But
again, this depends on how the cookie-mechanism is implemented. I don't
know how majordomo does it but I guess there will be some checking on
adresses. If the only check is the returned cookie than I guess there is
no problem at all and the confirmation mechanism has no repercussions for
sublist-subscriptions.
Xander
- References:
- Re: list
- From: Wilfried Woeber, UniVie/ACOnet