>>>>> "DW" == Dave Wolfe <dwolfe@risc.sps.mot.com> writes:
DW> I haven't studied the Majorcool source to see what sort of security
DW> problems it contains (no time for such games, that's the author's job
DW> :-) ), but from a quick peek at the posted URL, it appears that Mjcool
DW> side-steps the issue by disallowing all sorts of otherwise valid
DW> address forms.
It seems that it will only tell you if an address is subscribed, not let
you do a full substring search. Then again, I might not have found the
proper button (one reason I dislike graphical interfaces).
This is really as good as you can get with a web interface. You have to
resort to confirmation tokens for sensitive things, which would be
impractical in that situation.
DW> [...] and it still doesn't prevent anyone from finding out if any
DW> specific address is subscribed to a given list.
Outside of just not having that functionality in the interface, there will
never be a way to prevent it.
- J<