Ulf Hofemeier wrote: > >I'm using MM 2.1.12 and am running into a problem that is rather nasty. >In my case the MM admin interface is wide open, which means that I don't >need a site admin pwd to access http://mydomain/mailman/admin/mylist. I >can click on logout and it will take me to the logout page, but simply >removing /logout from the URL will load the admin interface again. >Deleting the cookie doesn't help, closing the browser doesn't help. Oh, >yeah. The admin interface is accessible via Google as well.
Do you allow site admin cookies and do you have one? Logout will remove the list admin cookie, but if you allow site admin cookies and you have logged in with the site password, logout won't remove that cookie. This doesn't sound like that's the issue in your case however, and it certainly isn't normal. Is this MM 2.1.12 installed from source or from a vendor package? If a package, which one? Any patches? Note that it is normal for the admin login page for a public list to be indexed in google, but google's crawlers and people coming from google shouldn't be able to get past the login page without the password. >PS. if you email me, I can provide you with the URL to my MM installation. If you send it to me, I'll check it out. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
