
Hi Barry, and thanks for answering!
You said "should". But in 95% of the lists that I look at, those links are always open. A random example: the official Mailman mailing list. Follow my steps:
1 - Open this link: http://mail.python.org/mailman/admin
2 - Then click on "create a new mailing list"
3 - You can try to create a new list until you discover the correct password (if you don't know it). But if you don't know the password, you can try to use a brute-forcer. They are very easy to find and very, very, very easy to use. Sometimes they work very well... hehehe.
Again: Anyone anywhere can try to create a new list. Is that correct??!!
Thanks Barry!!!
P.S.: Try those same steps on other mailing list sites. They always work!
On Mon, Jan 5, 2009 at 11:53 AM, Barry Warsaw <barry@list.org> wrote:
On Jan 5, 2009, at 8:04 AM, Edilson Azevedo wrote:
Hi Developers! I have a question:
Why, on all the list sites that I look at, are the "Admin Links" open? Worse: why (inside the Admin Links) is the link "create a new mailing list" open? Can anyone anywhere keep trying until they discover the admin password??
My doubt is: why are those links open to the world? I think that it's very insecure, isn't it?!?
Really? Those links should always be behind a login screen.
-Barry
-- Regards,
Edilson Azevedo (19) 3787-3312 (12) 8156-5590 Mail / Gtalk: eazevedo@bsd.com.br