While resetting my subscriptions to digest, I decided to experiment a bit.
I notice that you only have to enter an email address in order to get
access to the page of edit options -- no password needed.

Thus if you're wondering if a particular individual is subscribed to a
particular list, you can type in their name and get their edit page. Which
is confirmation that they are subscribed. For certain lists, that would be
a confidentiality issue. It is for several of my lists. I have set the
configuration to hide membership list...

But... I typed in the address of a person I know is subscribed, and poof! I
got their edit page -- without having to enter a password. So now if I know
an email addy I can confirm whether a person is a member of an email list
or not -- even if the administrator has hidden the membership list.

My question is this: if a user has clicked to hide his list membership, can
somebody who knows their email addy click into their subscription page and
see their info? My ISP flooded and burned and still hasn't fixed it so that
I can get into the admin pages, so I can't fiddle around testing it.

Since most users don't have this much subtlety when it comes to security,
wouldn't it be better to require the password *before* allowing people to
access their edit page?

Basically, if you know someone's email, and have an idea of their area of
interests, you can scope out their mailing list memberships. Most people
don't care, but some do. I have members that do. They aren't
technologically skilled enough to have detected this gap in their privacy,
and I now have an ethical question: Tell them, and have them flip out? Or
decide that understanding the software is their obligation, not mine, and
it's not my responsibility to decide if their confidentiality needs have
been met?

So I really need to know exactly how this stuff works in order to make a
management decision.

I suppose some might think this is a trivial concern, but once in a while
we do get somebody with a personal vendetta trying to cause crap for us or
one of our users. In each case the malicious person was, in my humble
opinion, a fruitcake, but one of them was actually a technically competent
fruitcake. My organization operates in the field of mental health and civil
rights, so lunatics and bigots are an occupational hazard. Prevention is
the best disaster recovery plan of all.


listwrangler at iximd.com
List administrator and webmaster

For help with subscribe/unsubscribe, troubleshooting, or more info about
The American Boyz email lists, please visit:
home.iximd.com/~amboyz/online.html, or request a copy of the Amboyz Elist
Help File to be emailed to you.

If you are familiar with Mailman, the following lists are implemented with
Mailman and use standard Mailman features: Amboyz-Main, Amboyz-Announce,
TrueSpirit, and ElderTG

The American Boyz, Inc. (not-for-profit)
212A S. Bridge St, #131, Elkton, MD, 21921
FAX: 410-620-2024; URL: home.iximd.com/~amboyz; EMAIL: amboyz at iximd.com

Ron Jarrell at Sep 22, 1999 at 10:24 pm

At 12:19 PM 9/22/99 -0500, Listwrangler wrote:
> Since most users don't have this much subtlety when it comes to security,
> wouldn't it be better to require the password *before* allowing people to
> access their edit page?

Yes, except for the fact that the links the user needs to access to get his
password back if he forgot it are on *that* page...

I suppose there could be a new level of security; extreme, where if they forget
their password, tough, email the admin...

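The two messages above describe the disclosure (the options page opens on an address alone, so the response itself confirms membership) and the objection to simply demanding a password first (password recovery lives on that same page). The following is an added illustration, not Mailman's code: a handler with the behaviour described in the post beside one that answers identically whether or not the address is subscribed and instead mails a short-lived options link to the address, so only the mailbox owner learns anything and recovery still works. The subscriber set, key, TTL and function names are constructed for the example.

```python
# Added example (not Mailman code): membership disclosure via the options
# page, and an enumeration-resistant alternative that keeps recovery working.
import hmac, hashlib, secrets, time

SUBSCRIBERS = {"alice@example.org", "bob@example.org"}   # constructed sample list
SERVER_KEY = secrets.token_bytes(32)                       # per-deployment secret
TOKEN_TTL = 600                                            # seconds a mailed link stays valid
outbox = []                                                # stands in for the MTA

def options_page_vulnerable(email):
    """Behaviour the post describes: the address alone unlocks the options
    page, so the two distinct responses disclose whether it is subscribed."""
    if email in SUBSCRIBERS:
        return {"status": "options_page", "member": email}
    return {"status": "not_subscribed"}

def _token(email, issued):
    # Keyed MAC over address and issue time; the server never stores tokens.
    mac = hmac.new(SERVER_KEY, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()
    return f"{email}|{issued}|{mac}"

def request_options_link(email, now=None):
    """Hardened flow: the HTTP response is the same for members and
    non-members; a link is mailed only if the address is subscribed, so the
    outcome is visible only in that mailbox (password recovery still works)."""
    now = int(now if now is not None else time.time())
    if email in SUBSCRIBERS:
        outbox.append((email, _token(email, now)))
    return {"status": "if_subscribed_a_link_was_mailed"}

def redeem_options_link(token, now=None):
    """Only a fresh, unmodified token from the mailbox unlocks the page."""
    now = int(now if now is not None else time.time())
    try:
        email, issued, mac = token.split("|")
        issued = int(issued)
    except ValueError:
        return {"status": "invalid"}
    expected = _token(email, issued).rsplit("|", 1)[1]
    if not hmac.compare_digest(mac, expected) or now - issued > TOKEN_TTL:
        return {"status": "invalid"}
    if email not in SUBSCRIBERS:        # unsubscribed after the link was mailed
        return {"status": "invalid"}
    return {"status": "options_page", "member": email}
```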

Discussion overview: group mailman-users; posted Sep 22, '99 at 5:19p; active Sep 22, '99 at 10:24p.
2 users in discussion: Listwrangler (1 post), Ron Jarrell (1 post).
