[Mailman-Users] Archive browsing question
John Dennis
jdennis at redhat.com
Mon Dec 19 21:09:35 CET 2005
On Mon, 2005-12-19 at 11:47 -0800, Elvis Fernandes wrote:
> >From a web browser, non-members of a mail list can browse the archives.
> Is this a correct statement?
>
> For example, if I am NOT a member of mail-list, I can still go to
> http://mailman/pipermail/mail-list
> and browse the archives.
>
> Now, there must be a way to block non-members to browse the archives of
> mail-list
>
> In todays security world there sure must be a way. I would like to know
> others experiences.
Some lists are appropriate for public consumption, some are not. That is
why mailman supports both public and private archives, it is a per list
configuration.
However please note, the security protection on the private archives is
not terribly strong, it requires only a username/password, something
which by default is mailed in the clear once a month. Security in
general was not a prime design point for mailman, a limitation which is
recognized and hopefully will be better addressed in MM 3.0. If you have
very sensitive information in your archives you may want to consider an
alternate solution.
--
John Dennis <jdennis at redhat.com>
More information about the Mailman-Users
mailing list