[Mailman-Users] Serious problem

Mark Sapiro msapiro at value.net
Wed Apr 26 03:33:34 CEST 2006


Yves Bajard wrote:
>
>For one of the 11 mailing lists I host and manage as list owner, when
>clicking on URL of the admin page, I get directly into it without having
>to go through the password filter.
>
>I noticed that people who look for that list on Google can also access
>directly the admin page of that list without being blocked by the
>password filter.
>
>Anybody could tell me how to correct that flaw? I am not the webmaster
>of my websites, but have contracted it to a local server in my city.


It is unclear to me what is happening here, but here are some things to
think about.

Do you have a saved login cookie for the list?

Can anyone from any computer get to list admin pages via google, or
just from your computer?

Does the google link have a query part with adminpw=?

Have you tried changing the list password?

What happens if you click the 'logout' link on an admin page?

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list