At 5:56 PM -0500 1/7/2000, Tim Pierce wrote:
> In order to
> make it sufficiently easy for the clueless to authenticate, the
> authentication instructions need to be fairly prominent, enough
> that it would not deter someone specifically interested in harvesting
> your archives.
I think it's 'only' necessary to make the archives as safe as being
subscribed is (and that's another discussion entirely!) -- which is
why authentificating against whether the person is subscribed or not
is where I'm headed.
Hmm. Here's a thought. you have a web page, where you type in your
e-mail address. That's validated against the subscriber lists, and if
you authenticate, you e-mail the access into to the user. then, you
change the password on a regular basis (daily?) or even on a per-user
basis, if you want. With an SQL backend, adding a password field
isn't that bad, and allowing a user to set a password (and e-mailing
it to them again if they forget) isn't terribly difficult.
Hmm. that has potential.
> I have never been able
> to find evidence of someone targeting our archive directly for
> e-mail addresses and just don't worry about it.
I haven't, either, but I do worry about it, because the only thing I
can guarantee is if/when someone DOES target it, it'll be at the time
I can least afford to have to deal with it...
Chuq Von Rospach - Plaidworks Consulting (mailto:email@example.com)
Apple Mail List Gnome (mailto:firstname.lastname@example.org)
Pokemon is a game where children go into the woods and capture furry
little creatures and then bring them home and teach them to pit fight.