[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL and Mailman?, was Re: Mailing Lists

In your Apache httpd.conf file, under the VirtualHost block that
handles your mailman config, force Apache to use https instead of
http, even when somebody types in http.  You do it by adding the
below 2 lines: (you have to have mod_rewrite compiled and installed
in your Apache daemon)

RewriteEngine on
RewriteRule ^/(.+) https://www.somedomain.com/cgi-bin/mailmanconfig [R,L]



I'm using mailman, but only at a *very* small scale.

While beeing satisfied about the ease of configuration and managment
of the lists, I am worried about the fact, that the list administrator
is sending the list password in cleartext over the net when logging in.

Of course I give the admins the advice to use https:// instead of http://
when logging in, but mailman does not enforce it.

I think of diving into the code some day to see into it, but maybe I'm
too paranoid or you have yet a solution to this...

Any thoughts?


On Thu, Nov 08, 2001 at 01:59:51PM +0000, Martin WHEELER wrote:
 On Thu, 8 Nov 2001, Andre Luis Lopes wrote:

 > Em Qui 08 Nov 2001 10:19, Craigsc escreveu:
 It's worth it for the web-based administration and archiving alone.

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: