Jim Popovitch wrote:
>
>This is a question that has been bugging me for a while. If a moderator
>adds an "Approved: xxxxxx" header but misspells "Approved", then their
>password goes on to the list for all to see. Without setting filters
>for each and every password (esp., moderator passwords which I prefer
>admins to not know, and vice versa) is it a good idea to add a feature
>to Mailman that would automatically hold emails that contained an admin
>or moderator password in the first few lines of the email body?

Well, we already accept "Approve:" and are case insensitive. Beyond that, it might be difficult in general because we don't have a plain text password to look for, so we would need to check every 'word' against the admin and moderator passwords and maybe the site password just in case someone thought it could be used here, and we still wouldn't catch a misspelled password or one with an extra space in it. Consider the possibility that someone had a hand shifted on the keyboard and mistyped both Approved: and the password. It would be fairly easy for a human to figure out what happened and decode the password, but I don't know how to program its detection in advance.

There are some possibilities to consider. We could hold any post with a "header like" line in the body that wasn't Subject: or Keywords:, but is this necessary? Presumably, if approve(d) is misspelled, the post will be held anyway. If not, why are we putting an approved line there in the first place?

--
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
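
The word-by-word check described in the reply above, as an added sketch that is not Mailman code and not part of the original message. It assumes the list keeps only unsalted SHA-1 hex digests of the admin and moderator passwords; the function names, role labels and sample passwords are constructed for illustration.

```python
import hashlib
import hmac

def sha1_hex(word):
    # Assumption: stored passwords are unsalted SHA-1 hex digests.
    return hashlib.sha1(word.encode("utf-8")).hexdigest()

# Constructed sample data: role -> stored digest (no plaintext is kept).
STORED = {
    "admin": sha1_hex("adm1n-pw"),
    "moderator": sha1_hex("s3cret-mod"),
}

def find_leaked_password(body, stored_digests, max_lines=5):
    """Hash every word in the first non-blank body lines and compare it
    with the stored digests. Returns (line_no, role) for the first match,
    or None if nothing matches (the post would then not be held)."""
    checked = 0
    for line_no, line in enumerate(body.splitlines(), 1):
        if not line.strip():
            continue
        checked += 1
        if checked > max_lines:
            break
        for token in line.split():
            # Also try the text after a colon, e.g. "Aproved:password".
            candidates = {token}
            if ":" in token:
                candidates.add(token.split(":", 1)[1])
            for cand in candidates:
                if not cand:
                    continue
                digest = sha1_hex(cand)
                for role, stored in stored_digests.items():
                    if hmac.compare_digest(digest, stored):
                        return line_no, role
    return None

if __name__ == "__main__":
    # Misspelled header, correct password: detected.
    print(find_leaked_password("Aproved: s3cret-mod\n\nHello list", STORED))
    # Misspelled header and mistyped password: not detected.
    print(find_leaked_password("Aproved: s3cret-mood\n\nHello list", STORED))
```

An exact hash match is the only signal available here, so a password with one wrong character or an embedded space passes unnoticed, which is the limitation the reply points out.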