[Mailman-Users] Serious problem
Mark Sapiro
msapiro at value.net
Wed Apr 26 03:33:34 CEST 2006
Yves Bajard wrote:
>
>For one of the 11 mailing lists I host and manage as list owner, when
>clicking on URL of the admin page, I get directly into it without having
>to go through the password filter.
>
>I noticed that people who look for that list on Google can also access
>directly the admin page of that list without being blocked by the
>password filter.
>
>Anybody could tell me how to correct that flaw? I am not the webmaster
>of my websites, but have contracted it to a local server in my city.
It is unclear to me what is happening here, but here are some things to
think about.
Do you have a saved login cookie for the list?
Can anyone from any computer get to list admin pages via google, or
just from your computer?
Does the google link have a query part with adminpw=?
Have you tried changing the list password?
What happens if you click the 'logout' link on an admin page?
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list