I figured I'd bring this up for possible discussion...
Because of the virus attack that hit just before Christmas, it made
me take a closer look at the mailing list archives and just how
secure they are, both from a scenario where someone decides to
attack a list by harvesting addresses and mailing list members
directly, and the more general anti-spammer harvesting issue.
The problem is how to make archives easily accessible, without
leaving them wide open to anyone. It's an interesting tradeoff.
I use two sets of archives. One is web based, using Web Crossing
(www.webcrossing.com), which keeps threaded archives for about 30
days. I found it was possible to access e-mail addresses as guest, so
I'm in process of recoding it so that guests can't access that info.
Guests will still be able to browse, but can't access key identifying
data without logging in and registering on the site.
My other archive is via FTP, making the digested versions of things
available (and that is accessible via a search engine). This, of
course, is wide open. I've considered a number of ways to put some
better controls on this. The easy one, obviously, is to put it behind
a password, and make the password available in the list documentation.
But -- that fails any number of sniff tests. It's a step up from no
protection at all, but anyone motivatged enough to target the
archives specifically won't get slowed down significantly. It's a
false security.
What I've decided to do for now is to move the archives from FTP to
HTTP, on an Apache server, and then to write an apache
authentification module. When you try to access the archives, you'd
have to give your e-mail address, and you'll be validated in only if
that e-mail address is a subscribed user. That puts the archives at
the same level of security as the list itself -- they can only be
accessed by someone who has gone through the subscription validation
process (so by definition, they can get your e-mail simply by reading
the list). It locks out anyone who isn't subscribed, so it locks out
anyone you've kicked off the list or who isn't willing to give you a
valid e-mail (assuming subscriptions are mailback-validated).
anyone see any problems with this? I didn't want Yet Another
Password, and it seems to me an authentification scheme that ties
into the subscriber database is the easiest way to close off access
without significantly raising complexity for the end user. Anyone see
any real flaws here?
--
Chuq Von Rospach - Plaidworks Consulting (mailto:[EMAIL PROTECTED])
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])
Pokemon is a game where children go into the woods and capture furry
little creatures and then bring them home and teach them to pit fight.
