On 2009-Jan-5, at 2:03 PM, Barry Warsaw wrote:
I suspect the default should be to not expose those things. I
wasn't even
aware that list creation through the web was possible. Based on the
extremely novice questions I see posted to mailman-users on
occasion I
suspect many potential Mailman
Barry Warsaw wrote:
>
>On Jan 5, 2009, at 1:12 PM, s...@pobox.com wrote:
>
>> I suspect the default should be to not expose those things. I
>> wasn't even
>> aware that list creation through the web was possible. Based on the
>> extremely novice questions I see posted to mailman-users on occasi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jan 5, 2009, at 2:25 PM, Terri Oda wrote:
This seems like it might be more of a failure in documentation/
understanding than a failure in security. All this information is
readily available (both about the fact that you can create from the
w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jan 5, 2009, at 1:12 PM, s...@pobox.com wrote:
I suspect the default should be to not expose those things. I
wasn't even
aware that list creation through the web was possible. Based on the
extremely novice questions I see posted to mailman-us
>> Maybe all that's necessary is to install cgi-bin/create as
>> cgi-bin/create.disabled by default, set its permissions to not allow
>> execution and add a note to the installation docs about the
>> consequences of through-the-web list creation and how to set it up.
Adam> Or
On Mon, Jan 05, 2009 at 12:12:31PM -0600, s...@pobox.com wrote:
> Maybe all that's necessary is to install cgi-bin/create as
> cgi-bin/create.disabled by default, set its permissions to not allow
> execution and add a note to the installation docs about the consequences of
> through-the-web list cr
Mark> The answer is to use strong passwords, and if you are really
Mark> concerned, don't advertise any lists and remove Mailman's
Mark> cgi-bin/create wrapper so lists can't be created from the web, or
Mark> alternatively just don't set site admin or list creator passwords
Mar
Edilson Azevedo wrote:
>
> But, I've a last doubt: Which the advantage in keep the creation of lists
>open for the world? what would be the real advantage? I need to understand
>before block the access.
You may have people within your organization or trusted customers or
whatever, depending on yo
Ok... thanks to all!!!
But, I've a last doubt: Which the advantage in keep the creation of lists
open for the world? what would be the real advantage? I need to understand
before block the access.
THANKS!
On Mon, Jan 5, 2009 at 2:50 PM, Barry Warsaw wrote:
> -BEGIN PGP SIGNED MESSAGE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jan 5, 2009, at 11:48 AM, Mark Sapiro wrote:
I think Barry misunderstood which links you are talking about.
Yep. Thanks, I just re-read the OP (in post-coffee mode :), so now I
get it.
The links on the list admin overview page to lists re
Edilson Azevedo wrote:
>
> You said "should". But in 95% of the lists that I look, those links are
>always open.
I think Barry misunderstood which links you are talking about.
The links on the list admin overview page to lists really reveal
nothing but the names of public lists on the server. Th
On Mon, Jan 05, 2009 at 09:34:47AM -0500, Dan Mahoney, System Admin wrote:
> I see this as a non-issue, personally, but I do think it looks bad, and
Likewise.
> think that screen should in a perfect world only be shown ONLY if there is
> a "list creator" password with no other privileges (but t
On Mon, 5 Jan 2009, Edilson Azevedo wrote:
Hi Barry and Thank to answer!
You said "should". But in 95% of the lists that I look, those links are
always open. An random example: The official MailMan mailing list. Follow my
steps:
1 - Open this link: http://mail.python.org/mailman/admin
2 - Aft
Hi Barry and Thank to answer!
You said "should". But in 95% of the lists that I look, those links are
always open. An random example: The official MailMan mailing list. Follow my
steps:
1 - Open this link: http://mail.python.org/mailman/admin
2 - After, click in "create a new mailing list"
3 -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jan 5, 2009, at 8:04 AM, Edilson Azevedo wrote:
Hi Developers! I've a question:
Why in all lists sites that I look, the "Admin Links" is open?
Worst: Why
(inside the Admin Links) the link "create a new mailing list" is open?
Anyone in anywher
Hi Developers! I've a question:
Why in all lists sites that I look, the "Admin Links" is open? Worst: Why
(inside the Admin Links) the link "create a new mailing list" is open?
Anyone in anywhere can to try until discover the Admin password??
My doubt is: Why those links are open to world? I th
16 matches
Mail list logo