On Fri, 2005-02-11 at 05:01, Ian Eiloart wrote:

> >> I'm all for the password-less stuff, but then how do you authenticate for
> >> members-only archives?  I've got big lists that must be members-only for
> >> the archives.
> >>
> >
> >>> Most of the user operations should be done by confirmation string
> >>> sent by email message.
> >
> > Operations include authentication.
> 
> So, to access the private archive I have to wait for an email message?

One way to make this not suck as much is to drop a cookie that lives
longer than the session, after you click-authenticate the first time. 
However, this is fairly dangerous if you were to read private archives
from a public machine, which is why cookies all currently expire at the
end of the browser session.

The same situation occurs for accessing the options page, but that is a
much less common operation.  Maybe users are willing to wait for an
email round-trip in order to change their options.  I tend to think not
though -- they may be hitting the web interface from a machine that doesn't
have access to their mail, and then they're screwed.

Integrating with external user storages for authentication should help
out a lot here, but I'm just not seeing how we can totally eliminate
passwords.  I'm willing to be convinced though.

-Barry
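
The trade-off described in this message, as an added example (not Mailman code and not part of the original post): a mailed confirmation string is redeemed once, and the resulting cookie outlives the browser session only when the member says the machine is private. The function names, the cookie name `archive_auth` and the lifetimes are assumptions made for illustration.

```python
import hashlib, hmac, secrets

SECRET = secrets.token_bytes(32)      # per-site signing key (assumption)
CONFIRM_TTL = 15 * 60                 # mailed string is valid for 15 minutes
REMEMBER_TTL = 30 * 24 * 3600         # opt-in lifetime on a private machine
SESSION_TTL = 8 * 3600                # server-side cap for session cookies
_pending = {}                         # sha256(confirmation string) -> (email, expiry)

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def mail_confirmation(email: str, now: float) -> str:
    """Create the single-use string that would be mailed to the member."""
    token = secrets.token_urlsafe(24)
    # Store only a hash, so a leaked table does not yield usable strings.
    _pending[hashlib.sha256(token.encode()).hexdigest()] = (email, now + CONFIRM_TTL)
    return token

def click_authenticate(token: str, now: float, private_machine: bool = False):
    """Redeem the mailed string once; return a Set-Cookie value or None."""
    entry = _pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return None
    ttl = REMEMBER_TTL if private_machine else SESSION_TTL
    payload = f"{entry[0]}|{int(now + ttl)}"
    cookie = f"archive_auth={payload}|{_sign(payload)}; Path=/; Secure; HttpOnly; SameSite=Lax"
    # Without Max-Age the browser drops the cookie when the session ends,
    # which is the safe default for a public machine.
    return cookie + (f"; Max-Age={ttl}" if private_machine else "")

def check_cookie(set_cookie: str, now: float):
    """Return the member's address if the cookie is authentic and unexpired."""
    value = set_cookie.split(";", 1)[0].partition("=")[2]
    payload, _, sig = value.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    email, _, expiry = payload.rpartition("|")
    # The expiry is inside the signed payload, so the server enforces it
    # even if a browser keeps the cookie longer than asked.
    return email if expiry.isdigit() and now <= int(expiry) else None
```
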

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/