[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL and Mailman?, was Re: Mailing Lists

On Fri, Nov 09, 2001 at 09:22:17AM -0600, Jorge.Lehner@gmx.net wrote:
> I'm using mailman, but only at a *very* small scale.
> While beeing satisfied about the ease of configuration and managment
> of the lists, I am worried about the fact, that the list administrator
> is sending the list password in cleartext over the net when logging
> in.
> Of course I give the admins the advice to use https:// instead of
> http:// when logging in, but mailman does not enforce it.

you should be able to do that in your apache configuration - either deny
access to unencrypted connections or send a redirect to the encrypted

> I think of diving into the code some day to see into it, but maybe I'm
> too paranoid or you have yet a solution to this...

it's not really mailman's job to do that.


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to: