Re: SSL and Mailman?, was Re: Mailing Lists

To: debian-isp@lists.debian.org
Subject: Re: SSL and Mailman?, was Re: Mailing Lists
From: Craig Sanders <cas@taz.net.au>
Date: Sun, 11 Nov 2001 10:02:10 +1100
Message-id: <[🔎] 20011111100210.B10363@taz.net.au>
In-reply-to: <[🔎] 20011109092217.G873@toa.magma.com.ni>
References: <[🔎] 200111081356.fA8Dueb12473@server.utah.inet> <[🔎] Pine.LNX.4.33.0111081356260.8700-100000@caxton.startext.demon.co.uk> <[🔎] 20011109092217.G873@toa.magma.com.ni>

On Fri, Nov 09, 2001 at 09:22:17AM -0600, Jorge.Lehner@gmx.net wrote:
> I'm using mailman, but only at a *very* small scale.
>
> While beeing satisfied about the ease of configuration and managment
> of the lists, I am worried about the fact, that the list administrator
> is sending the list password in cleartext over the net when logging
> in.
>
> Of course I give the admins the advice to use https:// instead of
> http:// when logging in, but mailman does not enforce it.

you should be able to do that in your apache configuration - either deny
access to unencrypted connections or send a redirect to the encrypted
URL.

> I think of diving into the code some day to see into it, but maybe I'm
> too paranoid or you have yet a solution to this...

it's not really mailman's job to do that.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to:

Follow-Ups:
- Re: SSL and Mailman?, was Re: Mailing Lists
  - From: Jorge.Lehner@gmx.net

References:
- Re: Mailing Lists
  - From: Andre Luis Lopes <andrelop@ig.com.br>
- Re: Mailing Lists
  - From: Martin WHEELER <mwheeler@startext.co.uk>
- SSL and Mailman?, was Re: Mailing Lists
  - From: Jorge.Lehner@gmx.net

Prev by Date: PostFix question
Next by Date: Re: Cannot install apache-ssl through apt
Previous by thread: Re: SSL and Mailman?, was Re: Mailing Lists
Next by thread: Re: SSL and Mailman?, was Re: Mailing Lists
Index(es):
- Date
- Thread