>>>>> "BH" == Bill Houle <Bill.Houle@SanDiegoCA.NCR.COM> writes:
BH> Older versions of MajorCool used a contrived regexp to validate an
BH> address's syntax. As most will agree, it is difficult to come up with a
BH> regexp that will accurately quantify every idiosyncrasy of valid RFC822
BH> syntax. Therefore, more recent versions rely mainly on the valid_addr
BH> function provided by Majordomo. So no, MajorCool does not "disallow all
BH> sorts of valid address forms" (any more so than does Majordomo).

You are, of course, free to use the code in lib/Mj/Addr.pm from the
Majordomo 2 distribution. It is _much_ better at detecting bad addresses.

BH> It is true that it will not prevent anyone from seeing specific
BH> addresses. However, you would have to iterate over every single
BH> alphanumeric string permutation to be able to identify all subscribers
BH> of a list. Assuming that was a computationally reasonable thing to do
BH> in the first place, the same could be done with mail to Majordomo as
BH> well.

I agree with all but your last assertion. Since it's possible to restrict
which to an exact match (well, subject to aliasing and transformation) of
the reply address (should we decide to do this), this completely prevents
hacking since the hacker will never see the reply. The web interface has
no such restriction, since it can't verify the address and presents its
results immediately. The shell interface has the same problem.

- J<