Developers of Sympa

[IKEDA Soji <address@concealed>]

Hi developers,

I realized that authentication key used by AUTH command is reusable.
Because It depends only on target email and list name if any, and
secret "cookie" parameter (See Sympa::compute_auth() to generate
this key).  To disable the key, administrator has no choice but
changing "cookie" parameter.

Remarkable case is global REMIND command.  Once auth key is
disclosed, any users will become able to send a command
"AUTH <auth key> REMIND *" to distribute remind messages to all
users.

So I propose changing AUTH command to use one-time auth keys similar
to which CONFIRM and DISTRIBUTE commands use, instead of persistent
keys.

Any objections or questions?


Regards,

-- Soji.

-- 
株式会社 コンバージョン  セキュリティ&OSSソリューション部   池田荘児
〒140-0014 東京都品川区大井1-49-15 アクセス大井町ビル4F
e-mail address@concealed  TEL 03-6429-2880
http://www.conversion.co.jp/