[Mailman-Users] Server Side Includes

Richard Barrett R.Barrett at ftel.co.uk
Mon Apr 15 17:44:39 CEST 2002


At 23:55 15/04/2002 +0900, Ben Gertzfield wrote:
>On Monday, April 15, 2002, at 11:30 , Timothy Murphy wrote:
>
>>While I am an enthusiastic user of mailman,
>>doesn't majordomo still have a well-defined usage,
>>for essentially private lists like committee minutes?
>>
>>This is a genuine question --
>>am I right in assuming that mailman lists are by their nature
>>publicly available?
>
>Not at all.  At UC Santa Cruz, I set up several Mailman lists that were 
>private for just this purpose (committee announcements and minutes) in the 
>School of Engineering.
>
>You can get privacy in one of two ways, depending on what your needs are:
>
>1) Do not archive.  Each list can be set to archive or not to archive 
>within the list's web admin interface.
>
>2) Set up your web server to require a password or IP/hostname match (or 
>both) to allow access to /pipermail/listname/  for each list you want to 
>protect.
>
>I did either or both of these as needed.
>
>Ben

Surely, if you are using the built-in pipermail archiver, you can also set 
a list's archive to private on the Archive Options web GUI admin page. The 
list archives are then not available through the /pipermail/ URI path 
element but are accessed via the /mailman/private/ path which is serviced 
by the $prefix/Mailman/Cgi/private.py script. This script uses cookie 
authentication for which the user credentials are the list member's mail 
address and their associated list password and restricts archive access to 
list members only.

As just a small plug, this archive security is also preserved in the same 
way when the mailman-htdig patches posted on sourceforge are used to 
provide per list archive search.






More information about the Mailman-Users mailing list