[Mailman-Developers] Found a privacy loophole...
Rick Niess
Rick.Niess@usm.edu
Tue, 30 Nov 1999 10:39:08 -0600 (CST)
On Sun, 28 Nov 1999 claw@kanga.nu wrote:
> On Thu, 25 Nov 1999 17:30:03 -0600 (CST)
> Rick Niess <rniess@netserver3.otr.usm.edu> wrote:
> > Hi All, I just noticed something. I have some lists which are
> > "private", so they don't show up in the index of lists that
> > listinfo generates. However, if you follow the link to the "list
> > admin overview page", it shows all the list names. Not terribly
> The most they can find out from the admin page without a list
> password is the fact that a name exists and thereby the knowledge of
> how to send administration and attempted post messages to the list.
Whoah. All I was pointing out was that attempting to hide the
existence of a list to those viewing the listinfo index (by turning off
the Advertize option) isn't entirely bulletproof. The listinfo index page
specifically tells them how to get to the pages for lists that they know
exist but aren't listed there, and then it provides a link to the list
admin overview page which lists all existing lists, hidden or not.
This isn't serious, or at least not on a system-wide level. Just
possibly embarrasing to a list admin. And Barry has already noted that
it's a known bug. FYI...
~ Rick ~
--
.oooO "Man with closed Oooo. Rick C. Niess
( ) mouth gathers ( ) University of Southern Miss.
\ ( no foot!" ) / resnet@usm.edu
--\ )------------------(_/-------------------------------