Lyris User's Guide
[previous] [next] [contents]
Steps to restrict false impersonations
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Steps to restrict false impersonations

If you do not require your members to have passwords, then non-members may be able to get their way into your mailing list, and read the archives, if they know just the email address of a member on your list. The reason for this is that Lyris protects members with a username/password combination, with the email address as the username. Thus, if your members have no passwords defined, it is fairly easy to log in as them.

If you are concerned by this, you can set your mailing list to require member passwords. If you enable this list setting, Lyris will automatically assign a random password to subscriptions obtained via email, and notify the subscriber of their password. Lyris-generated passwords are built on an easy to remember adjective-noun combination, so that they do not present an overwhelmingly difficult password to remember. With this option enabled, subscriptions over the web will require that a password when the Subscription form is filled out in order to be approved.

Other pages which link to this page:
  • Security Issues Relating to Members
  • Page 369 of 556