Ok... thanks to all!!!

But I have one last doubt: what is the advantage of keeping the creation of
lists open to the world? What would be the real advantage? I need to
understand before blocking the access.

THANKS!!!!!


On Mon, Jan 5, 2009 at 2:50 PM, Barry Warsaw <ba...@list.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Jan 5, 2009, at 11:48 AM, Mark Sapiro wrote:
>
>> I think Barry misunderstood which links you are talking about.
>>
>
> Yep.  Thanks, I just re-read the OP (in post-coffee mode :), so now I get
> it.
>
>> The links on the list admin overview page to lists really reveal
>> nothing but the names of public lists on the server. These are already
>> available on the listinfo overview page and anyone who knows even a
>> little bit about Mailman can easily construct admin or admindb links
>> from the listinfo links. If you are concerned about revealing this,
>> make all your lists advertised = No.
>>
>>> A random example: the official Mailman mailing list. Follow my
>>> steps:
>>>
>>> 1 - Open this link: http://mail.python.org/mailman/admin
>>>
>>> 2 - Then click on "create a new mailing list"
>>>
>>
>>
>> Likewise, anyone with even a little knowledge of Mailman can figure out
>> the URL to the create CGI.
>>
>> The answer is to use strong passwords, and if you are really concerned,
>> don't advertise any lists and remove Mailman's cgi-bin/create wrapper
>> so lists can't be created from the web, or alternatively just don't
>> set site admin or list creator passwords or remove data/adm.pw and
>> data/creator.pw to remove those set previously.
>>
>
> Mark's suggestions are spot on.
>
> - -Barry
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Darwin)
>
> iEYEARECAAYFAkliOl0ACgkQ2YZpQepbvXF2yACfa9jcidXxfax6sLze5CJV4uXP
> 5qAAoK5gZzSRoCgdmpuvDrO8Jy79BdIT
> =A81I
> -----END PGP SIGNATURE-----
>



-- 
Sincerely,

Edilson Azevedo
(19) 3787-3312
(12) 8156-5590
Mail / Gtalk: eazev...@bsd.com.br
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
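
A check for the mitigations listed in the quoted reply (removing the cgi-bin/create wrapper, or having no data/adm.pw and data/creator.pw), as an added example that is not part of the original thread or of Mailman. The function names are hypothetical, and the install prefix passed in is an assumption about where Mailman lives on the host.

```shell
#!/bin/sh
# Added example, not Mailman code. Paths under PREFIX follow the ones named in
# the thread; the PREFIX location itself is an assumption about the install.

# Print a status word for web list creation; return 0 if closed, 1 if open,
# 2 if PREFIX is not a directory.
mailman_create_status() {
    prefix=$1
    [ -d "$prefix" ] || { echo no-install; return 2; }
    # Mitigation 1: the create wrapper has been removed from cgi-bin.
    [ -e "$prefix/cgi-bin/create" ] || { echo no-wrapper; return 0; }
    # Mitigation 2: no site admin or list creator password file exists.
    for pw in "$prefix/data/adm.pw" "$prefix/data/creator.pw"; do
        if [ -e "$pw" ]; then
            # Wrapper plus a password file: creation depends on password strength.
            echo "open:${pw##*/}"
            return 1
        fi
    done
    echo no-passwords
    return 0
}

# Walk a constructed (fake) install tree through the states described above.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/cgi-bin" "$t/data"
    : > "$t/cgi-bin/create"
    echo constructed-hash > "$t/data/creator.pw"
    mailman_create_status "$t" || true   # open:creator.pw
    rm "$t/data/creator.pw"
    mailman_create_status "$t" || true   # no-passwords
    rm "$t/cgi-bin/create"
    mailman_create_status "$t" || true   # no-wrapper
    rm -rf "$t"
}

demo
```

An `open:` result means the create CGI is reachable and a password file exists, so the strong-password advice in the reply is the remaining control.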
