alan little's weblog

your blog's got mail

25th September 2003

One of the things coming in a future version of AYAWT will be weblogging by mail. I think I would sometimes find email more convenient than a web interface; what I don't want, obviously, is things being published on my weblog that aren't actually by me. (I'm sure there are hordes of people out there just waiting to pass their deluded opinions off as mine).

So, how to combine convenience with a reasonable level of security? Whitelisting the addresses that are allowed to post by mail will clearly help a bit, but is far from adequate because it's too easy to forge mail headers. I think I'm probably going to go for whitelist plus challenge-and-response - that way, the system is as secure as access to my mail accounts, which is good enough.

The process would look like this:

  1. I mail a weblog entry to the address that the AYAWT is watching (e.g. weblog [at] alanlittle {dot} org)
  2. AYAWT checks that the mail appears to be from an approved (whitelisted) address
  3. if so, it parses the message into my standard weblog entry format (including automatically extracting any external links for use as sidebar links, if a configuration setting tells it to do so)
  4. it adds some kind of not-too-easy-to-forge magic number - I'm thinking something like an MD5 hash of part but not all of the message
  5. then it mails the formatted entry, with magic number, out to the weblog editor email address (me)
  6. I get the message, possibly edit it, and send it back with something to indicate approval, still with the magic number attached
  7. AYAWT receives the approval message, checks the magic number, and if it's ok publishes the entry
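
A sketch of steps 2 to 7, added here as an example and not AYAWT's own code. It shows the content-only MD5 from step 4 next to a swapped-in alternative: an HMAC-SHA256 tag over a random nonce, keyed with a secret that never leaves the server, so the value cannot be recomputed from the message text and survives the editing allowed in step 6. The address, key handling and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage
from email.utils import parseaddr

WHITELIST = {"alan@example.org"}      # constructed address
SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never mailed
USED = set()                          # nonces already approved (replay guard)

def make_mail(sender, body):
    """Build a constructed sample message."""
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content(body)
    return msg

def unkeyed_magic(body):
    """Step 4 as described: MD5 over part of the text (here, the first half).
    It depends only on content, so anyone with the text can recompute it."""
    return hashlib.md5(body[: len(body) // 2].encode()).hexdigest()

def whitelisted_sender(msg):
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr if addr in WHITELIST else None

def tag_for(nonce, sender):
    return hmac.new(SERVER_KEY, f"{nonce}:{sender}".encode(), hashlib.sha256).hexdigest()

def issue_challenge(msg):
    """Steps 2-5: the token goes only to the editor address, so a forged
    From header triggers a challenge the forger never receives."""
    sender = whitelisted_sender(msg)
    if sender is None:
        return None
    nonce = secrets.token_hex(16)
    return f"{nonce}.{tag_for(nonce, sender)}"

def approve(msg, token):
    """Step 7: verify the token, publish the (possibly edited) body once."""
    sender = whitelisted_sender(msg)
    nonce, _, tag = token.partition(".")
    if sender is None or nonce in USED:
        return None
    if not hmac.compare_digest(tag.encode(), tag_for(nonce, sender).encode()):
        return None
    USED.add(nonce)
    return msg.get_content()
```
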

No security-through-obscurity here. No real security at all, I'm sure anybody who knows anything about these things would say, but I think it will do for my little obscure weblog.

I notice Dave Winer is touting mail-to-weblog as a big deal new feature in Manila. It looks easy enough to me - probably because I haven't actually tried to build it yet. Their security mechanism - whitelist plus a password embedded in the subject line - looks easier to use than mine but even less secure.

In related weblog tool development news, I notice that Kimbro Staken, who emailed me in response to one of my earlier comments about python on OS X, is also building a python-xml content management system and is further on with his than I am with mine. Russell Beattie has also been thinking out loud about something similar in Java. Everybody's doing it. Russ and Kimbro both seem to be focused on Big Thoughts about Architecture; whereas my one hour a day (max) of available development time forces me to adopt the latest hot software engineering practices. I don't have time to do anything except The Simplest Thing That Could Possibly Work; I definitely Never Add Functionality Early. You won't find any Premature Optimization in my code either, thank you very much.


all text and images © 2003–2008