LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Ben Parker <[log in to unmask]>
Mon, 22 Nov 2004 14:37:06 -0700
On Mon, 22 Nov 2004 14:23:59 -0500, Douglas Palmer <[log in to unmask]>
wrote:

>When users ask for a list of all lists from "Subscriber's Corner" they only
>see the lists they are subscribed to. At least one listowner is swearing
>that this worked (ie, all lists showed up) two weeks ago and now they do
>not. Nothing has changed in the past month other than a few new lists
>bringing the total to about 60 lists.

Subscriber's Corner was designed and is intended as a page from which a
Subscriber (to one or more lists on a server, usually to many lists) can
easily manage their subscriptions to some/all lists at one time/place (for
example, setting all lists to NOMAIL when going on vacation).  Since
subscription settings are being modified, obviously the user is required to
login and authenticate themselves.

If the user has already logged in, and they select "All-Lists" (and submit)
they MAY see more lists than the ones they are subscribed to, if there are any
lists which are Confidential=No.  If not, they will not see any more lists
than those they are subscribed to.

Subscriber's Corner was not designed and is not intended as a page from which
non-subscribers can see a nice 'list-of-lists' they may possibly choose to
join.  As noted, a login is required to access Subscriber's Corner at all and
it makes no sense to require a login of non-subscribers before seeing a
'list-of-lists'.

There are also known issues with Subscriber's Corner in 1.8e and several
changes have been made in various builds.  A forthcoming version of LISTSERV
will have this fixed and a new template page will be available for the Server
Admin to define the 'list-of-lists' that non-subscribers may see when the
"All-Lists" selection is made.

Note carefully that for reasons of Security, the cgi script "WA" cannot ask
LISTSERV for a listing of all available lists on the server unless the request
is authenticated by some user's login.  What will be shown at that time will
depend on the privileges available to that logged-in user account which for
most ordinary subscribers is a very low level of privilege (only the list(s)
you are subscribed to).  Yes, it seems to be an inconvenience.  But otherwise
it would be a huge security hole.

What is happening here under the hood is the same security that applies to the
'LISTS' command sent by email, which was changed several years ago.
Non-subscribers get this message:

>> lists
>None of  the lists  on this  server are visible  through the  LISTS command.
>Please use the "LIST GLOBAL" command  to find mailing lists of interest.
...

Subscribers get a list of only the list(s) they are subscribed to plus
possibly "public" lists.

List Owners get the list(s) they are owner= of and any others they are
subscribed to.

Site Admins (only) get all lists on the server.
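
The visibility tiers described in the message above, modeled as an added Python example (not part of the original post and not LISTSERV or WA code). The names `MailingList` and `visible_lists`, the list names, and the addresses are hypothetical and constructed; the model assumes an unauthenticated request is given nothing, and that any logged-in user may also see lists marked Confidential=No.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MailingList:
    name: str
    confidential: bool = True            # models the Confidential= list keyword
    owners: frozenset = frozenset()      # lower-cased addresses
    subscribers: frozenset = frozenset()

def visible_lists(lists, user=None, site_admins=frozenset()):
    """Return the sorted list names the requester may enumerate.

    user=None models a request that carries no authenticated login.
    """
    if user is None:
        return []                        # deny by default: no identity, no listing
    user = user.lower()
    if user in site_admins:
        return sorted(l.name for l in lists)   # site admins (only) see everything
    return sorted(
        l.name for l in lists
        if user in l.owners              # lists the user is owner= of
        or user in l.subscribers         # lists the user is subscribed to
        or not l.confidential            # "public" lists (Confidential=No)
    )

# Constructed sample data, not taken from any real server.
OWNER, ALICE = "owner@example.org", "alice@example.org"
ADMINS = frozenset({"postmaster@example.org"})
LISTS = [
    MailingList("STAFF-L", True, frozenset({OWNER}), frozenset({ALICE})),
    MailingList("NEWS-L", False, frozenset({OWNER}), frozenset({"bob@example.org"})),
    MailingList("BOARD-L", True, frozenset({"chair@example.org"}), frozenset({OWNER})),
    MailingList("SECRET-L", True, frozenset({"chair@example.org"}), frozenset()),
]

if __name__ == "__main__":
    for who in (None, "stranger@example.org", ALICE, OWNER, "postmaster@example.org"):
        print(f"{who!s:24} -> {visible_lists(LISTS, who, ADMINS)}")
```

The filter runs on the server side of the request, so the requester's identity, not the page or command used to ask, decides what is enumerated.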
