Re: SSL and Mailman?, was Re: Mailing Lists
On Fri, Nov 09, 2001 at 09:22:17AM -0600, Jorge.Lehner@gmx.net wrote:
> I'm using mailman, but only at a *very* small scale.
>
> While beeing satisfied about the ease of configuration and managment
> of the lists, I am worried about the fact, that the list administrator
> is sending the list password in cleartext over the net when logging
> in.
>
> Of course I give the admins the advice to use https:// instead of
> http:// when logging in, but mailman does not enforce it.
you should be able to do that in your apache configuration - either deny
access to unencrypted connections or send a redirect to the encrypted
URL.
> I think of diving into the code some day to see into it, but maybe I'm
> too paranoid or you have yet a solution to this...
it's not really mailman's job to do that.
craig
--
craig sanders <cas@taz.net.au>
Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch
Reply to: