On Aug 13, 2007, at 6:25 PM, Brad Knowles wrote: > On 8/13/07, Chris Waltham wrote: > >> Is there a relatively straightforward mechanism to protecting list >> archives from prying eyes? From what I can tell, anyone that can >> guess the URL of the archives (e.g. www.foo.org/pipermail/listname) >> can view the archives of the list, even if they're not a subscriber >> to the list. > > Make the archives private, and only subscribers will be able to log > in and see it. This is independent of whether or not the list > itself is advertised or not.
Thanks Brad, I got this suggestion privately right about the same time you sent this one. :-) > >> Rather than make a .htaccess file for each list, or even disable >> archives altogether, what can I do to secure this? This is with >> mailman-2.1.9, built-in pipermail on RHEL 4. I have ~ 830 lists with >> a couple hundred messages per list, on average. > > You shouldn't need to do anything unusual here. For a single list, > you should be able to go to the web admin page for the list, then > go down to the "Archiving Options" section, and click the radio > button to make the archives private as opposed to public, then > click the button at the bottom which says "Submit Your Changes". > > Now, for automating this for ~830 lists, you'll probably want to do > that using a "withlist" script and a bit of Python code. I'll try searching the archives to see if there's a command to do what I want, otherwise I could just input and output some config files and run sed over them ;-) Chris ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
