[Mailman-Users] Is there a security hole in Mailman?
Jim Popovitch
jimpop at yahoo.com
Mon Feb 13 21:53:52 CET 2006
Mark Sapiro wrote:
> As far as your original question is concerned, I don't think we're
> aware of any way for list names/posting addresses to be available via
> your web server as long as your lists are not 'advertised', your
> archives are private and your web server runs as a user/group that
> can't directly access your Mailman installation.
Side question: If the webserver is running as a user/group that can't
directly access the Mailman installation, how can Mailman web interfaces
work? Perhaps you mean something else by the above?
-Jim P.
More information about the Mailman-Users
mailing list