[Mailman-Users] Web Admin Security Question

[Dennis Putnam]

Thanks for the reply. Unfortunately I can't find any of this on the old
server so I cannot understand what I did to make it work. I am not an
Apache expert so I am having trouble with step 1 and hope someone can
get me over this hump. I have SSL working as I can access the admin
pages using https. However, I can also access it using http so I am not
forcing SSL. I did not quite understand the looping caveat in option one
so I tried the rewrite rule in option 2. That did not seem to do
anything but there was no indication in the instructions where that
should go. I have a .conf file that loads the SSL module and sets up the
certificates. I added the rewrite code to that file.

On 5/20/2012 8:17 PM, Mark Sapiro wrote:
> Dennis Putnam wrote:
>> After migrating my OS from Mandriva to CentOS I noticed that SSL mailman
>> web access is no longer used. Is this something that is no longer
>> necessary or do I still have more configuring to do? Do I really need
>> SSL or is the management of web admin out of the box sufficient? 
>
> If you care about sending your admin and moderator passwords in the
> clear over HTTP, you will want to use HTTPS. See The FAQ at
> <http://wiki.list.org/x/7oA9> for instructions on how to set this up.
> Don't omit steps 2 and 3. these are important.
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20120521/3c23162b/attachment.pgp>