Edilson Azevedo wrote: > > You said "should". But in 95% of the lists that I look, those links are >always open.
I think Barry misunderstood which links you are talking about. The links on the list admin overview page to lists really reveal nothing but the names of public lists on the server. These are already available on the listinfo overview page and anyone who knows even a little bit about Mailman can easily construct admin or admindb links from the listinfo links. If you are concerned about revealing this, make all your lists advertised = No. >An random example: The official MailMan mailing list. Follow my >steps: > >1 - Open this link: http://mail.python.org/mailman/admin > >2 - After, click in "create a new mailing list" Likewise, anyone with even a little knowledge of Mailman can figure out the URL to the create CGI. The answer is to use strong passwords, and if you are really concerned, don't advertise any lists and remove Mailman's cgi-bin/create wrapper so lists can't be created from the web, or alternatively just don't set site admin or list creator passwords or remove data/adm.pw and data/creator.pw to remove those set previously. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
