[Mailman-Users] Can I hide "restricted" lists on the main mailman html page?

Brian J. Murrell bmurrell at turbolinux.com
Tue Aug 1 18:02:06 CEST 2000

I have some lists that I would like to run on my mailman server which
need to be "hidden" from general users.  Meaning that when an "unknown
somebody" goes to the http://.../mailman/listinfo/ page, I would like
some of the lists not listed there.  Having the list named on the page
but requiring a password to follow the link is not workable because just
the name of the list is too much of a leak of information.

I envision a http://.../mailman/listinfo/ page that shows all of the
"public" lists.  I also envision on that page 2 boxes where a user puts
in his e-mail account and password.  Once the account and password are
verified, the "list of lists" is updated so that any of the "hidden"
lists he is a member of now show up.

Obviously and of course if a given list that was named "hidden-list" was
hidden, the page at http://.../mailman/listinfo/hidden-list should be
password protected using the above mechanism to prevent
security-thru-obscurity issues.

"How does a user know that a list exists to subscribe to if he has to be
a subscriber to see it" you might ask?  The list would be by invitation
only.  Or even better, perhaps as an option the ability to see the
"hidden" list on the main mailman page could be allowed or denied based
on pattern matching of the user's *authenticiated* (with his password)
e-mail address.  So a rule could be attached to the list that says
something like "*@some.domain.com and *@*.other.domain.com are permitted
to see this list in the list of lists".


More information about the Mailman-Users mailing list