[Merge] lp:~jimmy-sigint/mailman/restapi_auth into lp:mailman

Jimmy Bergman jimmy at sigint.se
Tue Sep 28 12:01:19 CEST 2010

Jimmy Bergman has proposed merging lp:~jimmy-sigint/mailman/restapi_auth into lp:mailman.

Requested reviews:
  Mailman Coders (mailman-coders)

In my opinion the REST API needs to be authenticated for the following reasons:

1. Even though it is by default exposed only on localhost, this means that all local users can administer mailing-lists instead of only some specific user like root.

2. It makes sense to use the REST API for integrating with external systems. These external systems will often be on other servers, causing the need for exposing the REST API on different interfaces than the loopback interface. For this, authentication is a requirement.

The change in my branch solves this by adding a single shared username/password in the webservice section of the config using the parameters admin_user and admin_pass. The API is then changed to require HTTP basic auth using these credentials.

Your team Mailman Coders is requested to review the proposed merge of lp:~jimmy-sigint/mailman/restapi_auth into lp:mailman.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 1895 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-coders/attachments/20100928/720fc51c/attachment.diff>
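
The check described in the proposal, sketched as an added example; it is not the code from the branch or from Mailman. The section name `webservice` and the parameters `admin_user` and `admin_pass` come from the message above, while the function names, the sample values and the config syntax are assumptions.

```python
import base64
import configparser
import hmac

# Constructed sample configuration; the section and parameter names are the
# ones named in the proposal, the values are placeholders.
SAMPLE_CFG = """
[webservice]
admin_user: restadmin
admin_pass: example-password
"""


def load_credentials(cfg_text):
    """Return (user, password) from the [webservice] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    section = parser["webservice"]
    return section["admin_user"], section["admin_pass"]


def check_basic_auth(header, user, password):
    """Return True only if the Authorization header carries the shared credentials."""
    if not header:
        return False
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        # Malformed base64, bad padding and non-UTF-8 bytes all raise ValueError.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return False
    # The user-id cannot contain ':', so split on the first colon only;
    # the password may contain further colons.
    got_user, sep, got_pass = decoded.partition(":")
    if not sep:
        return False
    # Evaluate both constant-time comparisons before combining them, so a
    # wrong username is not rejected faster than a wrong password.
    user_ok = hmac.compare_digest(got_user.encode(), user.encode())
    pass_ok = hmac.compare_digest(got_pass.encode(), password.encode())
    return user_ok and pass_ok


def status_for(header, cfg_text=SAMPLE_CFG):
    """Map a request's Authorization header to the HTTP status to send."""
    user, password = load_credentials(cfg_text)
    return 200 if check_basic_auth(header, user, password) else 401
```

HTTP basic auth only base64-encodes the credentials, so once the API listens on a non-loopback interface the connection itself needs TLS to keep the shared password off the wire in recoverable form.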