Well, it IS rather convinient, but I am more concerned of the potential (sort-of) security risk. Because access is allowed without username, some d00d with evil intent would have an easier time brute-forcing the password.. You know what 'they' say... to catch the bad guys, you have to think like them.. On Friday, March 29, 2002, at 10:48 PM, Ron Jarrell wrote:
> At 10:41 PM 3/29/02 +0900, Gary Wang wrote: >> I was hacking around my new Mailman setup, and found out to my great >> surprise: >> The "private" archives are accessible without a username. Well, that's >> only half the story, but it really caught me by surprise. I eventually >> figured out that the list is accessible by entering just the admin >> password. Is there a way to change this so that admin also needs to >> enter username? > > 2.1b1 does that, which I find annoying as hell, because now if I need > to fix something I have to first go lookup a valid user on the list to > use the admin password on... But it sounds like you'll be happy :-). > > > ------------------------------------------------------ > Mailman-Users mailing list > [EMAIL PROTECTED] > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py > gary c wang ICQ: 4343405 ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
