[ mailman-Patches-892118 ] limit admin privs on user options page

SourceForge.net noreply at sourceforge.net
Fri Feb 6 17:28:08 EST 2004


Patches item #892118, was opened at 2004-02-06 22:28
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=892118&group_id=103

Category: Web UI
Group: Mailman 2.1
Status: Open
Resolution: None
Priority: 5
Submitted By: Donn Cave (donnc)
Assigned to: Nobody/Anonymous (nobody)
Summary: limit admin privs on user options page

Initial Comment:
A list admin may reasonably modify your password, 
change your email address, flags etc. for his or her list, 
but has no business doing so for other lists, shouldn't 
even be able to see what other lists you subscribe to.

This patch to options.py disables these global options
when the user in question is not the one authorized by
the options page (i.e., the list admin).

It isn't bullet-proof - I can still change your password 
and then come back as you to do all this stuff.  I haven't 
mentioned this to our support staff yet, but they take 
this kind of thing very seriously and I expect that shortly 
I will be turning off admin password access too.

