[Mailman-Users] Archive access with only password?
Dan Mick
dmick at utopia.West.Sun.COM
Sat Mar 30 00:02:56 CET 2002
You think if someone has the admin password, they aren't capable
of doing much more damage than accessing the archives?
Ron, I think your problem is specific to you; my admin password
still lets me into anything, including archives, and I would expect
that to stay the same.
Gary Wang wrote:
>
> Well, it IS rather convinient, but I am more concerned of the potential
> (sort-of) security risk. Because access is allowed without username,
> some d00d with evil intent would have an easier time brute-forcing the
> password..
> You know what 'they' say... to catch the bad guys, you have to think
> like them..
> On Friday, March 29, 2002, at 10:48 PM, Ron Jarrell wrote:
>
> > At 10:41 PM 3/29/02 +0900, Gary Wang wrote:
> >> I was hacking around my new Mailman setup, and found out to my great
> >> surprise:
> >> The "private" archives are accessible without a username. Well, that's
> >> only half the story, but it really caught me by surprise. I eventually
> >> figured out that the list is accessible by entering just the admin
> >> password. Is there a way to change this so that admin also needs to
> >> enter username?
> >
> > 2.1b1 does that, which I find annoying as hell, because now if I need
> > to fix something I have to first go lookup a valid user on the list to
> > use the admin password on... But it sounds like you'll be happy :-).
> >
> >
> > ------------------------------------------------------
> > Mailman-Users mailing list
> > Mailman-Users at python.org
> > http://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> >
> gary c wang
> ICQ: 4343405
>
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
More information about the Mailman-Users
mailing list