On Fri, Nov 09, 2001 at 09:22:17AM -0600, [EMAIL PROTECTED] wrote: > I'm using mailman, but only at a *very* small scale. > > While beeing satisfied about the ease of configuration and managment > of the lists, I am worried about the fact, that the list administrator > is sending the list password in cleartext over the net when logging > in. > > Of course I give the admins the advice to use https:// instead of > http:// when logging in, but mailman does not enforce it.
you should be able to do that in your apache configuration - either deny access to unencrypted connections or send a redirect to the encrypted URL. > I think of diving into the code some day to see into it, but maybe I'm > too paranoid or you have yet a solution to this... it's not really mailman's job to do that. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch