LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

At 03:02 PM 2/4/2004, Shinn Wu wrote:

> > I don't really understand the 'protection' of wa offers in UNIX.  I
> > install wa in /usr/local/apache/cgi-bin and the archives is under
> > /usr/local/apache/htdocs/archives.  All the archives can be accessed by
> > subscribers ONLY.  BUT, you can easily bypass the email/password if you
> > know (or guess) the name of ANY archive, e.g,
> >
> > http://www.anysite.com/archives/test.log0301
> >
> > or even better
> >
> > http://www.anysite.com/archive/test.html
> >
> > to search the whole list.  It didn't offer any .htaccess.  I must miss
> > something important, but I could not find it either in manual or LSTSRV-L.
> > Would someone shed a light or confirm that?  Thanks.

We change the permissions to 750 for all archive directories. wa has no
problem (no listserv process does), but the web user process has no access.

-- DCP


--
Douglas Palmer                  |
SystemsManager          |
225 Cadman Plaza East           | Email: [log in to unmask]
Brooklyn, New York 11201        | CCNP,USDC-EDNY