[Mailman-Users] moderator login can access admin pages
Brad Knowles
brad at stop.mail-abuse.org
Fri May 5 19:47:47 CEST 2006
At 10:05 AM -0700 2006-05-05, The League CA Cities wrote:
> Brad i completely understand your explaination, but my current lists have
> two passwords one for the admin and one for my moderators. When a
> moderator logins they can click on the link at the bottom to go to admin
> pages and it will bring up the admin section without prompting for a
> password.
That should not be happening. I don't understand why you're
seeing this behaviour, but this is a direct violation of the security
policy that is implemented in the Mailman code.
It seems to me that something has gone horribly wrong with your
installation.
> I am not asking if this is possible because my current lists are setup
> this way I am asking how do i recreate this for my new lists.
See above. It should not be possible to do what you ask, at
least not without modifying the source code to remove the appropriate
security checks.
If you want your list moderators to be able to perform list
administration tasks, then give them the list admin password and make
them list administrators.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
More information about the Mailman-Users
mailing list