[Mailman-Users] Question Regarding admindb

Gonzalo Servat speedy at WebBios.com.au
Wed Dec 1 07:09:42 CET 1999


Christopher Lindsey wrote:

> > It would be quite easy for anyone to send spam to the list, then guess
> > the URL of the approval page (since its usually
> > www.domain.com/admindb/<listname> and approve it themselves since no
> > password is required.
>
> Ummm, mine requires a password.
>
> > Any ideas on how I could enable a password setting there? (other than
> > making a .htaccess file.. i was hoping there's an easier way)
>
> It could be using the same cookie that you used for list maintenance
> functions as authentication.  Try quitting your browser and restarting
> it, then go directly to the admindb page.  It should come up with the
> standard password authentication window.

Ahh you're right... I tried quitting Netscape and coming back in, etc, but
it kept the cookie... but I tried on another system and it asked me for the
password.

Thanks for that.

I'm still wondering why every time I get the List Administrative Password
screen, right at the top it says "Error Decoding Authorization Cookie", is
that normal?

Thanks.

Gonzalo.





More information about the Mailman-Users mailing list