> >But having private notebooks doesn't stop someone from going to a list's > >web archive interface page, does it? Is it currently possible to restrict > >access to a list's WAI page to only that list's subscribers? If so, how? > > It is my understanding (and experience) in 1.8c that setting the notebook > to private means that you do not have a web archive available, and that > sites running the beta of 1.8d have private notebooks and password > protected Web archives. > > Karen Strauss Our experience with 1.8d beta (slightly dated now) is that the archives of lists with Notebook=...,Public have their archives available to anyone through the web interface, as they do in 1.8c. Lists with Notebook=...,Service and Service=Local and lists with Notebook=...,Private are available through the web interface in 1.8d (this is new). In both cases a personal password is required. The personal password is obtainable through the web interface, subject to the normal confirmation process via email. In the former case, the personal password is used just to verify that your email address is in the list's service area. In the latter case, it is used to verify that you are a subscriber to the list. (Note that lists with Confidential=Yes are never available through the web interface). I see a few problems with this implementation using personal passwords: (1) The names of lists with Service=Local are now revealed to the world through the web interface, possibly opening them up to attack by spammers, etc.. This could be fixed with the mechanism described in item 2. (2) It requires many more people than before to get personal passwords. Naive users may well find that process confusing. I would like to have a simpler way for people to access lists with Notebook=...,Service. What I would like to have is a mechanism configured by the LISTSERV maintainer that would allow certain ranges of IP addresses to be mapped to particular service areas. Users with the right IP address would not need a personal password. Others could still get a personal password to get archives access. Later on such a mechanisn could be extended to support things such as public key certificates to identify users. It's really not as complicated as it sounds, especially given some things that have already been done in 1.8d with respect to generating the HTML from templates. (3) It's not at all unusual for people to have multiple equivalent email addresses. For example, my primary email address is [log in to unmask] But [log in to unmask], [log in to unmask], and several other similar forms are equivalent. LISTSERV allow you to get a personal password only for the address that's in your From header. If a list owner adds you to a list using an alternate form of your address, there's no way for you to get at the list's private archives through the web interface, since you can't get a personal password for the right address. Worse, the user may not even realize what the right address is, even if they could get a personal password for it. Roger Fajman Telephone: +1 301 402 4265 National Institutes of Health Internet: [log in to unmask] Bethesda, Maryland, USA Postmaster: CU.NIH.GOV, LIST.NIH.GOV, MAILFWD.NIH.GOV, PACKET.NET.NIH.GOV