[Mailman-Users] [Mailman-cabal] GDPR
Grant Taylor
gtaylor at tnetconsulting.net
Tue May 15 13:12:33 EDT 2018
On 05/15/2018 03:18 AM, Andrew Hodgson wrote:
> At the moment the list administrator and moderator account is accessed
> via no username and a single password. If that password is shared,
> I have no audit trail of who logged into the system.

ACK

I like to run Mailman (et al) administration pages behind htaccess
protection. Thus I have the username that authenticated to the web
server to corroborate who's actually accessing things.

> Also the system currently doesn't log specific access, for example admin
> A exported a load of addresses, admin B added 100 subscribers to the
> mailing list etc.

Can you not tell what was done based on the web server logs and the
requested URLs? I know that won't catch POST data, but it will give you
more information than not looking at the web server logs.

Aside: I personally consider the web server to be part of the
application framework. As such, I exercise and use it to (what I think
is) my advantage.

--
Grant. . . .
unix || die
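
Added example, not part of the original message or of Mailman: a sketch of the audit trail the reply describes, pairing the HTTP-authenticated username with the admin URL requested. It assumes Apache "combined" access logs and Mailman 2.1 style paths (/mailman/admin/<list>, /mailman/admindb/<list>); the log lines are constructed and audit_trail is a hypothetical name.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumed Mailman 2.1 CGI layout: /mailman/<script>/<list>[/<page>...]
MAILMAN_RE = re.compile(
    r'^/mailman/(?P<script>admin|admindb)/(?P<list>[^/?]+)(?P<page>/[^?]*)?'
)

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - alice [15/May/2018:09:01:12 -0400] "GET /mailman/admin/staff/members HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
192.0.2.10 - alice [15/May/2018:09:02:40 -0400] "POST /mailman/admin/staff/members/add HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - bob [15/May/2018:10:15:03 -0400] "GET /mailman/admindb/staff HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
203.0.113.5 - - [15/May/2018:10:20:00 -0400] "GET /mailman/admin/staff HTTP/1.1" 401 381 "-" "curl/7.58.0"
198.51.100.7 - bob [15/May/2018:10:21:44 -0400] "GET /mailman/listinfo/staff HTTP/1.1" 200 5121 "-" "Mozilla/5.0"
"""

def audit_trail(log_text):
    """Return {user: [(time, method, list, action, status), ...]} for admin pages."""
    trail = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        hit = MAILMAN_RE.match(m["path"])
        if not hit:
            continue  # not an administration or moderation page
        status = int(m["status"])
        # On a 401 the logged name was never verified, so do not attribute to it.
        user = m["user"]
        if user == "-" or status == 401:
            user = "(unauthenticated)"
        action = hit["script"] + (hit["page"] or "")
        trail[user].append((m["time"], m["method"], hit["list"], action, status))
    return dict(trail)

if __name__ == "__main__":
    for user, events in audit_trail(SAMPLE_LOG).items():
        for event in events:
            print(user, *event)
```

The POST to members/add is attributed to a named user, but the submitted addresses are not in the access log, which is the POST-data limit noted in the reply.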