
On 02/13/2014 03:12 PM, Vitor Choi Feitosa wrote:
> I'd like to support a better solution in which SSL would be used only when needed. That would result in better caching at web proxies on ISPs and companies and wouldn't prevent intrusion detection and prevention systems from working.
But exactly which pages would you not secure? You are concerned about the admin Membership List, so aren't you also concerned about the list roster, the private archives and user options login, the user options page with the capability to change password, the listinfo subscribe form and possibly others? What's left to not secure?
> This kind of behavior will probably come by default in Mailman 3. In the meantime, I guess it should require only small changes in the code to generate relative URLs instead of absolute, and if it's as easy as I think it is then it would be a nice improvement in Mailman 2. :)
The code currently has a flag for requesting an absolute URL. Some URLs are requested as absolute and others not. I've only been working with Mailman for about 9 years and I don't know the reasons why some URLs are requested absolute, so I would have to examine each case to determine the unintended consequences of making the URL relative. This is only a trivial change in the code, but a lot of work to examine possible consequences in each case.
If you wanted to try it in your installation, you could change all occurrences of 'absolute=1' to 'absolute=0' in Mailman/Cgi/*.py.
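
An added example, not part of the original message and not Mailman code: a small audit that lists every `absolute=1` call site in a directory together with its enclosing function, so each case can be reviewed before the flag is changed. The sample files are constructed stand-ins, and scope tracking by indentation is a heuristic chosen so the scan also works on Python 2 sources.

```python
import re
import tempfile
from pathlib import Path

# The flag as written in the message, tolerating spaces around '='.
ABSOLUTE_RE = re.compile(r"\babsolute\s*=\s*1\b")
DEF_RE = re.compile(r"^(\s*)def\s+(\w+)")


def find_absolute_calls(cgi_dir):
    """Return (file name, line number, enclosing function, source line) tuples."""
    hits = []
    for path in sorted(Path(cgi_dir).glob("*.py")):
        scopes = []  # stack of (indent width, function name)
        text = path.read_text(encoding="latin-1")
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue
            indent = len(line) - len(line.lstrip())
            # Leaving a function body: drop scopes at or deeper than this indent.
            while scopes and indent <= scopes[-1][0]:
                scopes.pop()
            m = DEF_RE.match(line)
            if m:
                scopes.append((len(m.group(1)), m.group(2)))
            if ABSOLUTE_RE.search(line):
                func = scopes[-1][1] if scopes else "<module>"
                hits.append((path.name, lineno, func, stripped))
    return hits


def build_sample(root):
    """Write constructed stand-ins for CGI modules (not real Mailman source)."""
    (Path(root) / "admin.py").write_text(
        "def main():\n"
        "    url = mlist.GetScriptURL('admin', absolute=1)\n"
        "    rel = mlist.GetScriptURL('admin', absolute=0)\n"
        "\n"
        "def show_results(mlist, doc):\n"
        "    doc.AddItem(mlist.GetScriptURL('listinfo',\n"
        "                                   absolute = 1))\n"
    )
    (Path(root) / "options.py").write_text(
        "url = mlist.GetScriptURL('options', absolute=1)\n"
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, lineno, func, src in find_absolute_calls(tmp):
            print(f"{name}:{lineno} in {func}(): {src}")
```

Pointing `find_absolute_calls` at a copy of the installation's `Mailman/Cgi` directory gives the list of call sites to examine one by one.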