[Mailman-Users] MM admin interface wide open
ulf at ladb.unm.edu
Thu Aug 27 02:26:07 CEST 2009
It turns out the issue was that my mailman site admin password was
null, meaning I had no site admin password set. Using bin/mmsitepass
did solve the problem for me. Now, logout works and opening mailman/
admin/mylist does require a password to login.
@Mark, thank you for pointing this out for me!
Programmer / Analyst II
Latin American and Iberian Institute
ulf at ladb.unm.edu
On Aug 26, 2009, at 5:15 PM, Mark Sapiro wrote:
> Ulf Hofemeier wrote:
>> I'm using MM 2.1.12 and am running into a problem that is rather
>> In my case the MM admin interface is wide open, which means that I
>> need a site admin pwd to access http://mydomain/mailman/admin/
>> mylist. I
>> can click on logout and it will take me to the logout page, but
>> removing /logout from the URL will load the admin interface again.
>> Deleting the cookie doesn't help, closing the browser doesn't help.
>> yeah. The admin interface is accessible via Google as well.
> Do you allow site admin cookies and do you have one?
> Logout will remove the list admin cookie, but if you allow site admin
> cookies and you have logged in with the site password, logout won't
> remove that cookie.
> This doesn't sound like that's the issue in your case however, and it
> certainly isn't normal. Is this MM 2.1.12 installed from source or
> from a vendor package? If a package, which one? Any patches?
> Note that it is normal for the admin login page for a public list to
> indexed in google, but google's crawlers and people coming from google
> shouldn't be able to get past the login page without the password.
>> PS. if you email me, I can provide you with the URL to my MM
> If you send it to me, I'll check it out.
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users