Lyris User's Guide
[previous] [next] [contents]
Secure HTTP web interface
Table of Contents
· Introduction
· Email Commands
· Web Interface for Users
· Server Administrator
· Site Administrator
· List Administrator
· Other Topics
· · Security Considerations
· · Security Issues Relating to Members
· · · Access to the list archives
· · · Access to the list of members
· · · Access to Subscribe to the Mailing List
· · · Steps to restrict false impersonations
· · · Security Features for Posting Messages
· · · · List admin posting
· · · · Admin Moderation
· · · · Number moderating
· · · · Allow Non-Member Posting
· · · · Action Phrase Restrictions
· · · · Password based posting
· · · · Banning members
· · · · Disallow Email Posting
· · · · Secure HTTP web interface
· · · · Lyris List Manager extensions
· · · · Confirmed subscriptions
· · · · Duplicate messages
· · · · Cross-posting
· · · · Maximum posts per member
· · · · Maximum quoting allowed
· · · · Maximum Messages Per Day
· · · · Limit the Message Size
· · · · Reject Email Attachments
· · · · Moderator auto-approval
· · · · Command detection
· · · · Anonymous Postings
· · · Access to unsubscribe and change settings
· · · Visibility of the existence of the mailing list
· · · Web Interface Access
· · · Overview of Lyris List Manager Posting Security
· · · Security Considerations of the From: field
· · · Security Recommendations for Announcement lists
· · · How Lyris List Manager Determines the Identity of the Person Posting
· · Lyris List Manager Mail Merge
· · The Lyris List Manager command line
· · Modifying lyris.plc
· Add-On Packages
· Installing and Upgrading
· Appendix
· Frequently Asked Questions

Secure HTTP web interface

Because the web interface runs as a web server CGI script, it is possible to run it inside a Secure HTTP server. This technique can be used if you are concerned about a technique called "packet sniffing" whereby someone in your network can use an Ethernet watching program to read your password as you type on the network.

This is a more sophisticated type of attack, and its actual abuse is rare, but is a known security risk.

If you use a Secure HTTP server, the URL to your web interface will begin with http: and the entire web interface session will be encrypted. That will make it very difficult to practically impossible to crack the password (depending on the encryption used by the browser).

Other pages which link to this page:
  • Security Features for Posting Messages
    		• Page 421 of 629