>What I've decided to do for now is to move the archives from FTP to
>HTTP, on an Apache server, and then to write an Apache
>authentication module. When you try to access the archives, you'd
>have to give your e-mail address, and you'd be validated only if
>that e-mail address is a subscribed user. That puts the archives at
>the same level of security as the list itself -- they can only be
>accessed by someone who has gone through the subscription validation
>process (so by definition, they can get your e-mail simply by reading
>the list). It locks out anyone who isn't subscribed, so it locks out
>anyone you've kicked off the list or who isn't willing to give you a
>valid e-mail (assuming subscriptions are mailback-validated).
>
>Anyone see any problems with this? I didn't want Yet Another
>Password, and it seems to me an authentication scheme that ties
>into the subscriber database is the easiest way to close off access
>without significantly raising complexity for the end user. Anyone see
>any real flaws here?
Well, they have to give _an_ e-mail address, but I don't see where it
makes them give _theirs_. If they only have to know the address of
_someone_ who is subscribed to the list then it doesn't really lock
out anyone who was once on the list but since kicked off. For anyone
else, if the list info gives your address anywhere (maybe it doesn't)
and you're a subscriber, then everyone can be assured of knowing one
valid address.
-Mitch
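The two checks under discussion, side by side, as an added example that is not part of the thread and not the proposed Apache module (it is plain Python rather than a module written against the Apache API). `weak_authorize` is the scheme in the quoted post: anyone who presents an address found in the subscriber database gets in, which is exactly what Mitch objects to. `MailbackAuthorizer` is one way to close that hole using the same proof the list already demands at subscription time (the post mentions mailback validation): a one-time token is mailed to the claimed address and only the holder of that mailbox can redeem it. The subscriber set, the address names and the in-memory "outbox" standing in for SMTP are all constructed for the example.

```python
import hmac
import secrets
import time

# Constructed subscriber database standing in for the list's real one
# (assumption: the archive server can look up current subscribers).
SUBSCRIBERS = {"alice@example.org", "bob@example.net", "listowner@example.org"}


def weak_authorize(email: str) -> bool:
    """The check as described in the quoted post: let anyone in who presents
    an address that is in the subscriber database. This only proves the
    visitor *knows* a subscribed address, not that they control it."""
    return email.strip().lower() in SUBSCRIBERS


class MailbackAuthorizer:
    """Archive access tied to the ability to read mail at the claimed address.

    Step 1 mails a one-time token to the address if it is subscribed (here the
    mail is appended to an in-memory outbox instead of being sent over SMTP).
    Step 2 grants access only to a live, unexpired token bound to that address.
    """

    def __init__(self, subscribers, ttl_seconds=900, now=time.time):
        self.subscribers = {s.strip().lower() for s in subscribers}
        self.ttl = ttl_seconds
        self.now = now          # injectable clock so expiry can be tested
        self.pending = {}       # token -> (email, expiry timestamp)
        self.outbox = []        # (recipient, token) pairs that would be mailed

    def request_access(self, email: str) -> None:
        """Issue a token only for subscribed addresses. The caller sees the
        same response either way, so this step does not act as an oracle for
        which addresses are subscribed."""
        email = email.strip().lower()
        if email in self.subscribers:
            token = secrets.token_urlsafe(32)       # 256 bits of randomness
            self.pending[token] = (email, self.now() + self.ttl)
            self.outbox.append((email, token))

    def redeem(self, email: str, token: str) -> bool:
        """Accept a token once, only for the address it was issued to, and
        only before it expires. Token comparison is constant-time."""
        email = email.strip().lower()
        for issued, (bound_email, expiry) in list(self.pending.items()):
            if hmac.compare_digest(issued.encode(), token.encode()):
                del self.pending[issued]            # single use, even on failure
                return bound_email == email and self.now() <= expiry
        return False


def demo():
    """Mitch's scenario: an outsider who has learned the list owner's address.
    Returns (weak check result, guessed-token result, owner's result, replay)."""
    auth = MailbackAuthorizer(SUBSCRIBERS)
    learned_address = "listowner@example.org"     # gleaned from the list info

    weak = weak_authorize(learned_address)         # True: outsider is let in
    auth.request_access(learned_address)           # token goes to the owner's mailbox
    guessed = auth.redeem(learned_address, "not-the-token")   # False: outsider has no token

    recipient, token = auth.outbox[-1]             # the real owner reads the mail
    owner = auth.redeem(recipient, token)          # True
    replay = auth.redeem(recipient, token)         # False: already consumed
    return weak, guessed, owner, replay


if __name__ == "__main__":
    print(demo())
```

The token is bound to the address it was mailed to, so presenting someone else's token with your own address fails as well; and because `request_access` answers identically for subscribed and unsubscribed addresses, the archive front end does not leak the subscriber list to whoever probes it.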