Michael Urashka wrote: >About a year ago I set up 3 lists. I was fairly certain I set >up 2 of the lists as private and 1 as public.
I assume you're talking about archives here. >A couple weeks ago >we discovered that all three were set to public (looking in the web >admin interface). Now I'm not certain if somehow I didn't originally set >them private. We've upgraded Mailman at least once in this time, not >sure if that could possibly have affected the settings but I should think >it unlikely. Upgrading Mailman shouldn't change a list's archive from private to public or vice versa. I haven't heard of this failing. >Anyway, we then toggled the 2 lists we wanted back to private, but >searching Google I am able to find a couple posts. The posts were indexed in Google while the archive was public, but with a 'pipermail' URL that won't work. They will eventually disappear from Google. >Additionally, going >to the Mailman-run web site for one of the mailing lists (the page >people can subscribe from or view the archives, etc), when one clicks >one the Archives, one isn't prompted >for authentication and just gets the /mailman/private/list archive pages >(listed by month: thread/author/subject/date) and one is able to click >and read the archives. Most likely because you previously authorized as the list admin (or a list member) during that browser session and still have the authorization cookie. >I attempted to rebuild the archives with the arch command but that >appears to not have the desired affect. > >Running check_perms showed that the /private archives had the +x for >'other' set so I toggled that to -x. This will probably break access to your remainin public archive via the 'pipermail' URL. If it doesn't, that's great - leave it o-x, but I think you'll probably need to put it back to o+x to access public archives via the 'pipermail URL. >I can still go to the list archives page and view the private archives >though. o+x or o-x on the archives/private directory will have no effect on private archive access. I still think you are able to access the private archive without authorizing because of a saved cookie from prior authorization in the browser session. >I was wondering what the best way to limit viewing of these pages from >the outside public but allow list members to still have access to the >archives is. Making the archive private should do it. >Is there something obvious I am missing? The cookie. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
