On Fri, Jul 28, 2000 at 08:14:21PM +0100, Roger Burton West wrote:
As for the user side, how would you prevent malicious foreign unsubscriptions without a password? The existing "confirm" patch from aks would be helpful, here. You mean _is_ helpful here. It already exists; why re-invent it?
Yes; the thing is, I don't think it would be _optional_ any more. Anything that lets people unsubscribe arbitrary addresses by mail is open to abuse; but if they can do it by web, it _will_ be abused, because you've just opened it up to all the real idiots out there.
You could easily integrate the confirm addon into SL. I think it will be installed by default with Debian Linux. If you want a more secure unsubscription mechanism for a web interface you need something like passwords, PGP keys or SSL client certificates ;) which is all much more complicated for the ordinary user than simply pushing the reply button of the mail client to confirm a (un)subscription. Werner