FAQ
Bugs item #1155455, was opened at 2005-03-03 00:09
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3

Category: security/privacy
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Graham Leggett (minfrin)
Assigned to: Nobody/Anonymous (nobody)
Summary: SSL support broken: form posts hard coded to insecure URL

Initial Comment:
After configuring mailman to be accessible from within
a secure webserver (httpd v2.1.3, RHEL3), if the
"create" option is used, the insecure http:// complete
website URL is encoded into the page form, thus
bypassing the secure webserver.

All forms should submit to relative URLs, which will
ensure that the correct website prefix is used.

The FAQ implies that mailman can be run on a secure
webserver and everything should "just work", however
this does not seem to be the case.


----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3

Search Discussions

  • SourceForge.net at Mar 3, 2005 at 12:48 am
    Bugs item #1155455, was opened at 2005-03-02 23:09
    Message generated for change (Comment added) made by tkikuchi
    You can respond by visiting:
    https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3

    Category: security/privacy
    Group: 2.1 (stable)
    Status: Open
    Resolution: None
    Priority: 5
    Submitted By: Graham Leggett (minfrin)
    Assigned to: Nobody/Anonymous (nobody)
    Summary: SSL support broken: form posts hard coded to insecure URL

    Initial Comment:
    After configuring mailman to be accessible from within
    a secure webserver (httpd v2.1.3, RHEL3), if the
    "create" option is used, the insecure http:// complete
    website URL is encoded into the page form, thus
    bypassing the secure webserver.

    All forms should submit to relative URLs, which will
    ensure that the correct website prefix is used.

    The FAQ implies that mailman can be run on a secure
    webserver and everything should "just work", however
    this does not seem to be the case.


    ----------------------------------------------------------------------
    Comment By: Tokio Kikuchi (tkikuchi)
    Date: 2005-03-02 23:48

    Message:
    Logged In: YES
    user_idg709

    Have you set
    DEFAULT_URL_PATTERN = 'https://%s/mailman/'
    in your mm_cfg.py ?
    See 4.27 in mailman FAQ wizard:
    http://www.python.org/cgi-bin/faqw-mm.py


    ----------------------------------------------------------------------

    You can respond by visiting:
    https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3
  • SourceForge.net at Mar 3, 2005 at 1:00 am
    Bugs item #1155455, was opened at 2005-03-03 00:09
    Message generated for change (Comment added) made by minfrin
    You can respond by visiting:
    https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3

    Category: security/privacy
    Group: 2.1 (stable)
    Status: Open
    Resolution: None
    Priority: 5
    Submitted By: Graham Leggett (minfrin)
    Assigned to: Nobody/Anonymous (nobody)
    Summary: SSL support broken: form posts hard coded to insecure URL

    Initial Comment:
    After configuring mailman to be accessible from within
    a secure webserver (httpd v2.1.3, RHEL3), if the
    "create" option is used, the insecure http:// complete
    website URL is encoded into the page form, thus
    bypassing the secure webserver.

    All forms should submit to relative URLs, which will
    ensure that the correct website prefix is used.

    The FAQ implies that mailman can be run on a secure
    webserver and everything should "just work", however
    this does not seem to be the case.


    ----------------------------------------------------------------------
    Comment By: Graham Leggett (minfrin)
    Date: 2005-03-03 01:00

    Message:
    Logged In: YES
    user_id9704

    No I have not - this was the problem.

    Please could you add a section to the docs that points this
    out about setting up SSL - it's way too easy to overlook a
    tiny option such as this one.

    In theory there is no need for mailman to post to an
    absolute URL that I am aware of - is it possible to change
    it to access relative URLs? This will make mailman
    significantly easier to use on SSL sites.


    ----------------------------------------------------------------------

    Comment By: Tokio Kikuchi (tkikuchi)
    Date: 2005-03-03 00:48

    Message:
    Logged In: YES
    user_idg709

    Have you set
    DEFAULT_URL_PATTERN = 'https://%s/mailman/'
    in your mm_cfg.py ?
    See 4.27 in mailman FAQ wizard:
    http://www.python.org/cgi-bin/faqw-mm.py


    ----------------------------------------------------------------------

    You can respond by visiting:
    https://sourceforge.net/tracker/?funcÞtail&atid0103&aid55455&group_id3

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-coders @
categoriespython
postedMar 3, '05 at 12:09a
activeMar 3, '05 at 1:00a
posts3
users1
websitelist.org

1 user in discussion

SourceForge.net: 3 posts

People

Translate

site design / logo © 2022 Grokbase