[ Mark Rauterkus writes: ]
>
> Not sure what [...] David, mean with the following.
>
> RE: Majorcool.
> >> But, since this is all with a web interface, it works well, only
> >> for web folks.
> >
dw>Which I can programmatically feed and get the contents of your lists
dw>in less time that it'd take via e-mail. Sorry, no cigar. A web i/f is
dw>no protection at all.
I interpreted the assertion to be "since this is a (manual) web
interface, it's not practical to extract addresses using it because it
would be very time consuming." My point is that CGI programs can be fed
from other programs, no browser and no "pointing and clicking" involved,
so they don't provide any inherent security.
I haven't studied the Majorcool source to see what sort of security
problems it contains (no time for such games, that's the author's job
:-) ), but from a quick peek at the posted URL, it appears that Mjcool
side-steps the issue by disallowing all sorts of otherwise valid address
forms. While that may limit its security exposure, it also limits its
application and usefulness, and it still doesn't prevent anyone from
finding out if any specific address is subscribed to a given list.
--
Dave Wolfe
Follow-Ups:
|
|
