[Mailman-Developers] Secure admin pages
Barry A. Warsaw
firstname.lastname@example.org (Barry A. Warsaw)
Fri, 17 Dec 1999 00:38:46 -0500 (EST)
>>>>> "DM" == Dan Mick <Dan.Mick@West.Sun.COM> writes:
DM> We set up an SSL arrangement so our admin password isn't
DM> traversing the net in clear text, but were temporarily
DM> thwarted by the fact that the admin CGI scripts sometimes use
DM> absolute paths, which didn't include the https://. I made
DM> some hacks; comments? (Does this look right, Barry et al.?)
What do you think of the following instead?
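    def GetScriptURL(self, scriptname, relative=0):
        # The branch lines are absent from the archived copy; they are
        # restored here from the parameters (an assumption).
        # A relative prefix keeps the scheme (http or https) of the page
        # the link appears on; an absolute one takes it from the config.
        if relative:
            prefix = '../' * Utils.GetNestingLevel()
        elif self.web_page_url:
            prefix = self.web_page_url
        else:
            prefix = mm_cfg.DEFAULT_URL
        # Strip trailing slashes so the join below adds exactly one.
        i = len(prefix)-1
        while i >= 0 and prefix[i] == '/':
            i = i - 1
        prefix = prefix[:i+1]
        return '%s/%s%s/%s' % (prefix, scriptname, mm_cfg.CGIEXT,

    def GetOptionsURL(self, addr, obscure=0, relative=0):
        # The parameter is the subscriber address; the script name is
        # always 'options'.
        addr = string.lower(addr)
        url = self.GetScriptURL('options', relative)
        if obscure:
            addr = Utils.ObscureEmail(addr)
        return '%s/%s' % (url, addr)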
and getting rid of GetRelativeScriptURL(), GetAbsoluteScriptURL(),
GetAbsoluteOptionsURL(). Also, modifying the rest of the source to
use just one of these two new functions.
If you like it, I'll make these changes to the CVS tree.
DM> How does the putback process usually work? Does someone
DM> review code, or do we have a "holding area" that's protected
DM> somehow, or?...
Basically, post the code to mailman-developers, or send it to
mailman-cabal. It's up to one of the core maintainers to integrate it
with the CVS code base.
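
The problem discussed in this thread, absolute http:// targets on a page served over https://, can be checked for mechanically. The following is an added example, not code from the thread or from Mailman: it resolves every form action and link on a page against the HTTPS URL it was served from and reports those that fall back to plain HTTP. The host name, list name and sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser send a request (and, for forms, the password).
URL_ATTRS = {"form": "action", "a": "href", "frame": "src", "iframe": "src"}


class _TargetCollector(HTMLParser):
    """Collect (tag, raw URL) pairs plus any <base href> override."""
    def __init__(self):
        super().__init__()
        self.targets = []
        self.base_href = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"]
        attr = URL_ATTRS.get(tag)
        if attr and attrs.get(attr) is not None:
            self.targets.append((tag, attrs[attr]))


def find_downgrades(page_url, html):
    """Return [(tag, raw, resolved)] for targets that leave HTTPS for HTTP."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page_url must be the https:// URL the page was served from")
    collector = _TargetCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base_href or "")
    hits = []
    for tag, raw in collector.targets:
        resolved = urljoin(base, raw.strip())
        if urlsplit(resolved).scheme == "http":
            hits.append((tag, raw, resolved))
    return hits

# Constructed sample: an admin login page with one absolute and two relative targets.
SAMPLE_URL = "https://lists.example.org/mailman/admin/test-list"
SAMPLE_HTML = """
<form action="http://lists.example.org/mailman/admin/test-list" method="post">
  <input type="password" name="adminpw"></form>
<a href="../admin/test-list/members">Membership</a>
<a href="//lists.example.org/mailman/listinfo/test-list">Info</a>
"""

if __name__ == "__main__":
    for tag, raw, resolved in find_downgrades(SAMPLE_URL, SAMPLE_HTML):
        print(f"<{tag}> {raw!r} resolves to {resolved}")
```

Only the absolute form action is reported; the path-relative and scheme-relative links both stay on HTTPS, which is the property the relative option in the proposal above relies on.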