Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)

author: Mark Sapiro <msapiro@value.net> 2012-11-24 14:44:15 -0800
committer: Mark Sapiro <msapiro@value.net> 2012-11-24 14:44:15 -0800
commit: 93037ce44ab48aabad4564fbdfe1c967908e8ae8 (patch)
tree: 66f1370a4c07f842778c3ad6e75d45641bc58119 /NEWS
parent: 85bd5f5e232b3fb6fc83f57e9e164bfa82d50e5c (diff)
download: mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.tar.gz
mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.tar.xz
mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 6ceeb17b..84fdebf5 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,14 @@ Here is a history of user visible changes to Mailman.
 
   New Features
 
+    - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
+      a dynamically generated, hidden hash in the listinfo subscribe form and
+      check it upon submission.  Setting this will prevent automated processes
+      (bots) from successfully POSTing web subscribes without first retrieving
+      and parsing the form from the listinfo page.  Note that enabling this
+      will break ant static subscribe forms on your site.  See the description
+      in Defaults.py for more info.  (LP: 1082746)
+
     - add_members now has an option to add members with mail delivery disabled
       by admin.  (LP: 1070574)
author	Mark Sapiro <msapiro@value.net>	2012-11-24 14:44:15 -0800
committer	Mark Sapiro <msapiro@value.net>	2012-11-24 14:44:15 -0800
commit	93037ce44ab48aabad4564fbdfe1c967908e8ae8 (patch)
tree	66f1370a4c07f842778c3ad6e75d45641bc58119 /NEWS
parent	85bd5f5e232b3fb6fc83f57e9e164bfa82d50e5c (diff)
download	mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.tar.gz mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.tar.xz mailman2-93037ce44ab48aabad4564fbdfe1c967908e8ae8.zip