Majordomo-Users: Re: "trusted users" for commands needing &pproval?

Majordomo-Users
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: "trusted users" for commands needing &pproval?
From:	"Lazlo Nibble" <lazlo @ swcp . com>
Date:	Fri, 3 Jan 1997 11:09:24 -0700 (MST)
To:	majordomo-users @ greatcircle . com (mu)

>> Relying on just the email headers for verification is way too
>> insecure.
> 
> Then why is there a restrict_post feature?

Because allowing someone to post to the list is a lot less dangerous than
allowing someone access to the list's administration commands.

> Since you'd have to know who is a "trusted" user for administrativa...

Oh yeah, that's a tough one -- figuring out who a list's administrator is.

I don't see that giving people the admin password for your list is such a
difficult thing to manage that it would be preferable to introduce this new
security hole into the code.

-- 
::: Lazlo (lazlo@swcp.com; http://www.swcp.com/lazlo)

Indexed By Date	Previous:	Re: "trusted users" for commands needing &pproval? From: Rich Pieri <rich.pieri@prescienttech.com>
Indexed By Date	Next:	Re: "trusted users" for commands needing &pproval? From: richard welty <welty@balltown.cma.com>
Indexed By Thread	Previous:	Re: "trusted users" for commands needing &pproval? From: Rich Pieri <rich.pieri@prescienttech.com>
Indexed By Thread	Next:	Error setting up Major Domo From: "Nels Lindquist" <nels@maei.ca>