Long about 03:34 PM 2/25/2008, Valdis Kletnieks sent the following:

>On Mon, 25 Feb 2008 13:05:06 EST, Douglas Palmer said:
> > When a user clicks on "log in" they are redirected to the https://
> > URL instead of the regular one. How do I turn this off?
>
>Well, if you *like* having all the passwords go over the wire in cleartext,
>feel free to do it.  Just remember that means that basically everybody who
>tries to use it from a wireless connection is now a sitting duck.
>
>In other words - think *really* hard about what you're
>considering.  Doing this
>basically means that *any* Listserv password is subject to capture - there's
>a *reason* it's redirected to https:// and the reason is so that sensitive
>things like passwords don't go over the net in cleartext.

We only use the web interface locally... and I have it working with a
locally generated certificate -- but I would rather not have to buy
one for the site it is on (which is under a fake TLD). We have users
calling because they are being prompted to continue or not (and being
well trained users, they either stop cold when warned about
certificates or they worry because the site location has turned red)
and we could frankly do without it.

Similarly, I would rather the RSS feed display the e-mail address of
the author rather than "<>" -- These feeds are only available on our
intranet and there's no need to mask them.

-- DCP