[Mailman-Developers] bugtraq submission warning: email address
harvesting exploit
Barry Warsaw
barry at python.org
Thu Nov 27 23:05:16 EST 2003
On Fri, 2003-11-28 at 06:26, Colin Palmer wrote:
> (then you just need to add an ACL to the webserver to stop someone
> downloading the listname.mbox file that has all the unmunged addresses
> still in it)
I'd consider turning this off for 2.1.4 if people agree. Perhaps making
it available only through a site config var. I'm not sure how easy that
is, but it seems important enough to close off access to the mbox file.
Opinions?
-Barry
More information about the Mailman-Developers
mailing list