[Mailman-Users] [Mailman-cabal] GDPR

Grant Taylor gtaylor at tnetconsulting.net
Tue May 15 13:12:33 EDT 2018

On 05/15/2018 03:18 AM, Andrew Hodgson wrote:
> At the moment the list administrator and moderator account is accessed 
> via no username and a single password.  If that password is shared, 
> I have no audit trail of who logged into the system.


I like to run Mailman (et al) administration pages behind htaccess 
protection.  Thus I have the username that authenticated to the web 
server to corroborate who's actually accessing things.

> Also the system currently doesn't log specific access, for example admin 
> A exported a load of addresses, admin B added 100 subscribers to the 
> mailing list etc.

Can you not tell what was done based on the web server logs and the 
requested URLs?  I know that won't catch POST data, but it will give you 
more information than not looking at the web server logs.

Aside:  I personally consider the web server to be part of the 
application framework.  As such, I exercise and use it to (what I think 
is) my advantage.

Grant. . . .
unix || die

More information about the Mailman-Users mailing list