On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
I've been assigned the task of attempting to secure our current implementation of GNU MailMan.
One thing that I've not seen (or missed) in this thread is the idea of leveraging HTTPS usernames and passwords to protect the web interface.
IMHO the web server has a LOT more experience at user access control than most web applications. As such, I feel like the web server probably has a better handle on how to do it.
As for the default ugly username & password dialog box, there are ways around that.
-- Grant. . . . unix || die
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
