On 05/31/2018 09:52 AM, Mark Sapiro wrote: > On 05/31/2018 08:10 AM, Carl Zwanzig wrote: > >>> 3. Can user passwords be eliminated and have the list >>> administrator make any user adjustments which should not be necessary? >> At a great loss of utility, sure. This would require a code change. > > The code changes to do it right would not be simple.
Depending on where your users are coming from, it might be easier to limit access to the GUI using a firewall. What I do, is to run the mailman GUI on a non-standard https port. I then create webserver URL rewrites that redirect url access to that port. I use my firewall (IPTABLES), to control who can access the GUI. If all of your users come from a LAN inside an office, you can easily restrict access to only those on the LAN. I've also used thing like GEOIP, and other tools to limit access to specific countries or specific geographic areas or specific service providers. Alot of attacks come from outside countries and limiting access substantially reduces attacks on my servers. You could also require users to use a VPN or fwknop in order to access the GUI. This is easy if your users already access your site over a VPN. Nataraj ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org