[Png-mng-security] png-mng-security list compromised

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Wed Aug 8 14:51:10 UTC 2007


On Wed, 8 Aug 2007, Tom Lane wrote:

> Bob Friesenhahn <bfriesen at simple.dallas.tx.us> writes:
>> There is a choice to be made.  We can eliminate or rename the list, or
>> we can trust that the list itself won't be compromised and disable the
>> archiving feature so that it is not possible for someone to retrieve
>> the archives.
>
> Most of the sensitive lists that I deal with require a subscriber's
> password to access the archives.  Can't we set it up like that?

I think that if you attempt to access the archives now, you will be 
prompted for your list password in order to access the archives. 
However, the archives are not actually stored (by default) in a way 
which prevents access without a password.  The web server's 
authentication mechanism (rather than Mailman's) would be needed to 
block access to the archives.

> Frequent renamings of the list are right out.  If you are concerned that
> the present exposure of the list's existence might lead to more spam
> load than you can handle, then I can deal with a one-time renaming, but
> doing it regularly is no good.

SPAM is easily handled by having the list automatically dispose of 
non-subscriber emails.

Bob
======================================
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



