[ mailman-Bugs-1155455 ] SSL support broken: form posts hard coded to insecure URL

SourceForge.net noreply at sourceforge.net
Thu Mar 3 00:48:09 CET 2005


Bugs item #1155455, was opened at 2005-03-02 23:09
Message generated for change (Comment added) made by tkikuchi
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1155455&group_id=103

Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Graham Leggett (minfrin)
Assigned to: Nobody/Anonymous (nobody)
Summary: SSL support broken: form posts hard coded to insecure URL

Initial Comment:
After configuring mailman to be accessible from within
a secure webserver (httpd v2.1.3, RHEL3), if the
"create" option is used, the insecure http:// complete
website URL is encoded into the page form, thus
bypassing the secure webserver.

All forms should submit to relative URLs, which will
ensure that the correct website prefix is used.

The FAQ implies that mailman can be run on a secure
webserver and everything should "just work", however
this does not seem to be the case.


----------------------------------------------------------------------

>Comment By: Tokio Kikuchi (tkikuchi)
Date: 2005-03-02 23:48

Message:
Logged In: YES 
user_id=67709

Have you set 
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
in your mm_cfg.py ?
See 4.27 in mailman FAQ wizard:
http://www.python.org/cgi-bin/faqw-mm.py


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1155455&group_id=103


More information about the Mailman-coders mailing list