Mark,
Logout won't remove the cookie if there is one, but I doubt there is.
ALLOW_SITE_ADMIN_COOKIES is set to NO. I compiled MM 2.1.12 from the
source.
Ulf
--
Ulf Hofemeier
Programmer / Analyst II
Latin American and Iberian Institute
u...@ladb.unm.edu
On Aug 26, 2009, at 5:15 PM, Mark Sapiro wrote:
Ulf Hofemeier wrote:
I'm using MM 2.1.12 and am running into a problem that is rather
nasty.
In my case the MM admin interface is wide open, which means that I
don't
need a site admin pwd to access http://mydomain/mailman/admin/
mylist. I
can click on logout and it will take me to the logout page, but
simply
removing /logout from the URL will load the admin interface again.
Deleting the cookie doesn't help, closing the browser doesn't help.
Oh,
yeah. The admin interface is accessible via Google as well.
Do you allow site admin cookies and do you have one?
Logout will remove the list admin cookie, but if you allow site admin
cookies and you have logged in with the site password, logout won't
remove that cookie.
This doesn't sound like that's the issue in your case however, and it
certainly isn't normal. Is this MM 2.1.12 installed from source or
from a vendor package? If a package, which one? Any patches?
Note that it is normal for the admin login page for a public list to
be
indexed in google, but google's crawlers and people coming from google
shouldn't be able to get past the login page without the password.
PS. if you email me, I can provide you with the URL to my MM
installation.
If you send it to me, I'll check it out.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
