|
Sender: |
|
Subject: |
|
From: |
|
Date: |
Thu, 15 Sep 1994 18:29:50 +0200 |
In-Reply-To: |
Message of Thu, 15 Sep 1994 11:30:18 -0500 from LISTSERV list
owners' forum < [log in to unmask]> |
Reply-To: |
|
On Thu, 15 Sep 1994 11:30:18 -0500 Dan Wheeler <[log in to unmask]>
said:
>Hiding the editor from review is not enough. The messages to my list are
>now distributed with a Resent-from: header line that gives the editor
>address. I'd like the LISTSERVer to take out that line from the message
>header.
And that's still not enough. LISTSERV must be modified not to give the
editor address in the message saying "your mail has been forwarded". Then
it must be modified to look for "Received:" lines that might have the
address of the editor, and remove them. Then it must look for a
"Message-ID:" line and do the same thing, and so on. In fact, you
probably have to disable the IETFHDR option altogether. And when you've
done all that, you've just barred a single road for the hacker. There are
other ways to have the message distributed (it's probably best if I don't
give details). The bottom line is that this is not a working way to
protect your list. A possible working method would be to use the OK
mechanism to require the editor to confirm that he actually sent the
message. It would still close only one of the roads, but it would close
it in an acceptable way, without impacting usability and having to
maintain voodoo code all over the place.
Eric
|
|
|