[Mailman-Users] MM admin interface wide open

[Ulf Hofemeier]

The only scenario I can see are large organizations/corporations with  
huge IT department who have to administer mailing lists with thousands  
of subscribers. In that case it might make more sense to protect the  
admin interface through a dedicated virtual host + packet filter +  
htaccess set up, rather than having every 'admin' to type in the site  
admin password for once, or once the site admin cookie has expired. It  
would speed things up to have the interface accessible through one  
link without any barriers. I don't know if this is an applicable  
scenario or not, but IT departments with large organizations are  
probably capable to make mailman work for them.
Ulf
--
Ulf Hofemeier
Programmer / Analyst II
Latin American and Iberian Institute
ulf at ladb.unm.edu



>
> Still, it's worth fixing it so that a null password doesn't work. I
> can't see that anyone would actually want passwordless access to the
> admin interface except maybe in the case of a server that was not
> exposed on the internet al all, but probably not even then.
>
> Does anyone need to have null passwords work in Mailman?
>
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>