[Mailman-Users] MM admin interface wide open
Ulf Hofemeier
ulf at ladb.unm.edu
Thu Aug 27 03:13:28 CEST 2009
The only scenario I can see are large organizations/corporations with
huge IT department who have to administer mailing lists with thousands
of subscribers. In that case it might make more sense to protect the
admin interface through a dedicated virtual host + packet filter +
htaccess set up, rather than having every 'admin' to type in the site
admin password for once, or once the site admin cookie has expired. It
would speed things up to have the interface accessible through one
link without any barriers. I don't know if this is an applicable
scenario or not, but IT departments with large organizations are
probably capable to make mailman work for them.
Ulf
--
Ulf Hofemeier
Programmer / Analyst II
Latin American and Iberian Institute
ulf at ladb.unm.edu
>
> Still, it's worth fixing it so that a null password doesn't work. I
> can't see that anyone would actually want passwordless access to the
> admin interface except maybe in the case of a server that was not
> exposed on the internet al all, but probably not even then.
>
> Does anyone need to have null passwords work in Mailman?
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>
>
More information about the Mailman-Users
mailing list