Jason wrote:
> think any solution needs to be simple.
[..]
> * 'which' isn't really the only way to see which lists you're subscribed
> to; the lists command works, too (but it doesn't show you exactly what
> address you're subscribed as).

If the lists command would show you exactly what address you're subscribed as,
that'll allow a satisfactorily simple solution for the 'which' command.

> * The security risks come from people being able to do 'which a' and
> systematically pull out large chunks of your list.

This is the most frequent kind of attack. However, it should be possible to
use some mailing lists as support groups where it is not right for Majordomo
to answer queries of the kind 'is address user@example.com subscribed to the
list getfreefromaddiction?'

Will a lists command over the web interface reveal this information to me
when I claim falsely that my e-mail address is user@example.com? If so, we
may have a simple solution for the which command (by setting M=0 for the
getfreefromaddiction list), but then the lists command needs to be fixed.

- Norbert.