On Tue, Oct 06, 2015 at 12:07:25AM +0900, Stephen J. Turnbull wrote:
> Perhaps a per-user login attempt limit would work for you. Each
> (ab)user is different. But I don't think it's a good idea for a
> supported feature of Mailman, it's too fragile and it would be an
> invitation to an endless series of "improvements" as the admins get in
> arms races with the rogues.

Very much a +1, especially if we're looking at modern design, then this could (for those wanting it) be a plugin, or shocker, using something already out there.

> It might be possible to revisit this in Mailman 3 (when we get a
> unified authn/authz story) using a token-based approach where the
> token is acquired somewhere that already has a stronger authentication
> story. But that will require serious coding.

I think I'd prefer the ability to void/regenerate tokens, rather than anything else. Although with sophisticated API management tools, shaping may be an option…

I'm not an advocate for "fixing" things in the application, rather than at say, transport/network layer; to set up Mailman, one's in(evit|vari)ably going to need root access anyhow, so one might as well do things properly.

--
"Opera, next to Gothic architecture, is one of the strangest inventions of Western man. It could not have been foreseen by any logical process."
-- Kenneth Clark