Unique token for message approval
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GNU Mailman | New | Medium | Unassigned | |
Bug Description
I requested this on mailman-users; going ahead and
submitting as a feature request as per your request on
the list.
.....
From <email address hidden>:
It seems like it would be nice to set up a method of
confirmation for *approving* messages that uses a unique
token instead of the list password; while (hopefully) in
most cases, the moderator will be sending approval messages
over SSL or from the same machine the list is on, it seems
like a bad idea to make the confirmation token the list
password (especially in case you accidentally add the
'Approved:' header to the wrong message, or in case someone
spoofed a message appearing to be from Mailman in order to
try and scam list passwords)....
How about generating a unique one-time password and having
people add this to the Approved: header? This would make it
much harder for someone to accidentally disclose the list
(or worse, site) password.
[http://
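
A sketch of the per-message one-time approval token requested above, as an added example that is not part of the original report and is not Mailman code. The names `ApprovalTokens`, `issue`, `redeem`, `TOKEN_TTL` and the held-message ids are hypothetical, and the three-day lifetime is an assumption.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3 * 24 * 3600  # assumed lifetime of an approval token, in seconds


class ApprovalTokens:
    """Hypothetical store of one-time approval tokens, keyed by held-message id."""

    def __init__(self):
        self._pending = {}  # msg_id -> (SHA-256 digest of token, expiry time)

    def issue(self, msg_id, now=None):
        """Create a token for one held message; only its digest is stored."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[msg_id] = (digest, now + TOKEN_TTL)
        return token  # sent in the moderator notice instead of the list password

    def redeem(self, msg_id, header_value, now=None):
        """Return True exactly once if the Approved: value matches this message."""
        now = time.time() if now is None else now
        entry = self._pending.get(msg_id)
        if entry is None:
            return False  # unknown message, or token already used
        digest, expiry = entry
        if now > expiry:
            del self._pending[msg_id]  # expired tokens are discarded
            return False
        offered = hashlib.sha256(header_value.strip().encode()).digest()
        if not hmac.compare_digest(offered, digest):  # constant-time comparison
            return False  # wrong value: the real token stays valid
        del self._pending[msg_id]  # single use: a replayed header fails
        return True
```

Because each token is bound to one held message and is deleted on use, an `Approved:` header pasted into the wrong message or captured in transit discloses nothing reusable.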