| -rw-r--r-- | FAQ | 60 |
1 files changed, 29 insertions, 31 deletions
@@ -1,5 +1,5 @@ Mailman - The GNU Mailing List Management System -Copyright (C) 1998 by the Free Software Foundation, Inc. +Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA FREQUENTLY ASKED QUESTIONS @@ -60,7 +60,7 @@ FREQUENTLY ASKED QUESTIONS You can always use the Python module `compile' or `compileall' to force byte compilation of a file, or just fire up the Python - interpreter and try importing the module! + interpreter and try importing the module. 4. Other debugging aids @@ -106,7 +106,6 @@ FREQUENTLY ASKED QUESTIONS . remove $prefix/archives/private/<listname> . edit $prefix/archives/private/<listname>.mbox/<listname>.mbox [optional] . run $prefix/bin/arch <listname> - $prefix/archives/private/<listname>.mbox/<listname>.mbox 9. I set member_posting_only to yes because I want to limit posts to members only, however it seems like all messages coming from 
@@ -160,38 +159,37 @@ FREQUENTLY ASKED QUESTIONS most applications, but a sufficiently determined cracker *could* get unauthorized access by: - * Packet sniffing: The password used to do the initial - authentication for any non-public Mailman page is sent as - clear text over the net. If you consider this to be a big - problem, you really should use an SSL-enabled server. + * Packet sniffing: The password used to do the initial + authentication for any non-public Mailman page is sent as clear + text over the net. If you consider this to be a big problem, you + really should use an SSL-enabled server. - * Stealing a valid cookie: After successful password - authentication, Mailman sends a "cookie" back to the user's - browser. This cookie will be used for "automatic" - authentication when browsing further within the list's - protected pages. The cookie will only work for a limited - time, and only on connections made from the same IP number as - the password-authenticating connection. + * Stealing a valid cookie: After successful password + authentication, Mailman sends a "cookie" back to the user's + browser. This cookie will be used for "automatic" authentication + when browsing further within the list's protected pages. The + cookie will only work for a limited time, and only on connections + made from the same IP number as the password-authenticating + connection. - Gaining access to the user's cookie (e.g. by being able to - read the user's browser cookie database, or by means of packet - sniffing, or maybe even by some broken browser offering all - it's cookies to any and all sites the user accesses), and at - the same time being able to fulfill the other criteria for - using the cookie could result in unauthorized access. + Gaining access to the user's cookie (e.g. 
by being able to read + the user's browser cookie database, or by means of packet + sniffing, or maybe even by some broken browser offering all it's + cookies to any and all sites the user accesses), and at the same + time being able to fulfill the other criteria for using the + cookie could result in unauthorized access. - Note that this problem is easier exploitable when users browse - the web via proxies -- in that case, the cookie would be valid - for any connections made through that proxy, and not just for - connections made from the particular machine the user happens - to be accessing the proxy from. - - * Getting access to the user's terminal: This is really just - another kind of cookie stealing. The short cookie expiry time - is supposed to help defeat this problem. It can be considered - the price to pay for the convenience of not having to type the - password in every time. + Note that this problem is easier exploitable when users browse + the web via proxies -- in that case, the cookie would be valid + for any connections made through that proxy, and not just for + connections made from the particular machine the user happens to + be accessing the proxy from. + * Getting access to the user's terminal: This is really just + another kind of cookie stealing. The short cookie expiry time is + supposed to help defeat this problem. It can be considered the + price to pay for the convenience of not having to type the + password in every time. Local Variables: |
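Review bot: In the @@ -106,7 +106,6 @@ hunk, deleting the continuation line `$prefix/archives/private/<listname>.mbox/<listname>.mbox` leaves the step as `run $prefix/bin/arch <listname>` with no mbox argument, so the FAQ no longer says which file gets re-archived. The step just before it tells the reader to edit exactly that mbox file, so either keep the path on the command or add a few words saying that arch picks up the list's own mbox when no file is given.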
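Review bot: In the @@ -160,38 +159,37 @@ hunk, the "Stealing a valid cookie" item is re-wrapped with its wording errors carried onto the new lines: "all it's cookies" should be "all its cookies", and "easier exploitable" should be "more easily exploitable". Every line of that item is already being rewritten here, so this is the place to fix them. The rest of the hunk reads as a whitespace-only reflow: the statements about the clear-text password, the limited cookie lifetime, the same-IP restriction and the proxy caveat are word-for-word the same on the removed and added sides.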
