Long about 03:34 PM 2/25/2008, Valdis Kletnieks sent the following: >On Mon, 25 Feb 2008 13:05:06 EST, Douglas Palmer said: > > When a user clicks on "log in" they are redirected to the https:// > > URL instead of the regular one. How do I turn this off? > >Well, if you *like* having all the passwords go over the wire in cleartext, >feel free to do it. Just remember that means that basically everybody who >tries to use it from a wireless connection is now a sitting duck. > >In other words - think *really* hard about what you're >considering. Doing this >basically means that *any* Listserv password is subject to capture - there's >a *reason* it's redirected to https:// and the reason is so that sensitive >things like passwords don't go over the net in cleartext. We only use the web interface locally... and I have it working with a locally generated certificate -- but I would rather not have to buy one for the site it is on (which is under a fake TLD). We have users calling because they are being prompted to continue or not (and being well trained users, they either stop cold when warned about certificates or they worry because the site location has turned red) and we could frankly do without it. Similarly, I would rather the RSS feed display the e-mail address of the author rather than "<>" -- These feeds are only available on our intranet and there's no need to mask them. -- DCP