« Return to Thread: Web Admin Security Question
Re: Web Admin Security Question
by Dennis Putnam-2
::
Rate this Message:
Thanks for the reply. Unfortunately I can't find any of this on the old
server so I cannot understand what I did to make it work. I am not an
Apache expert so I am having trouble with step 1 and hope someone can
get me over this hump. I have SSL working as I can access the admin
pages using https. However, I can also access it using http so I am not
forcing SSL. I did not quite understand the looping caveat in option one
so I tried the rewrite rule in option 2. That did not seem to do
anything but there was no indication in the instructions where that
should go. I have a .conf file that loads the SSL module and sets up the
certificates. I added the rewrite code to that file.
On 5/20/2012 8:17 PM, Mark Sapiro wrote:
> Dennis Putnam wrote:
>> After migrating my OS from Mandriva to CentOS I noticed that SSL mailman
>> web access is no longer used. Is this something that is no longer
>> necessary or do I still have more configuring to do? Do I really need
>> SSL or is the management of web admin out of the box sufficient?
>
> If you care about sending your admin and moderator passwords in the
> clear over HTTP, you will want to use HTTPS. See The FAQ at
> <http://wiki.list.org/x/7oA9> for instructions on how to set this up.
> Don't omit steps 2 and 3. these are important.
>
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@...
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/lists%40nabble.com
server so I cannot understand what I did to make it work. I am not an
Apache expert so I am having trouble with step 1 and hope someone can
get me over this hump. I have SSL working as I can access the admin
pages using https. However, I can also access it using http so I am not
forcing SSL. I did not quite understand the looping caveat in option one
so I tried the rewrite rule in option 2. That did not seem to do
anything but there was no indication in the instructions where that
should go. I have a .conf file that loads the SSL module and sets up the
certificates. I added the rewrite code to that file.
On 5/20/2012 8:17 PM, Mark Sapiro wrote:
> Dennis Putnam wrote:
>> After migrating my OS from Mandriva to CentOS I noticed that SSL mailman
>> web access is no longer used. Is this something that is no longer
>> necessary or do I still have more configuring to do? Do I really need
>> SSL or is the management of web admin out of the box sufficient?
>
> If you care about sending your admin and moderator passwords in the
> clear over HTTP, you will want to use HTTPS. See The FAQ at
> <http://wiki.list.org/x/7oA9> for instructions on how to set this up.
> Don't omit steps 2 and 3. these are important.
>
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@...
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/lists%40nabble.com
signature.asc (267 bytes) « Return to Thread: Web Admin Security Question
| Free embeddable forum powered by Nabble | Forum Help |
