Lyris User's Guide [previous] [next] [contents]

Web Interface Access Table of Contents · Introduction · Email Commands · Web Interface for Users · Server Administrator · Site Administrator · List Administrator · Other Topics · · Security Considerations · · Security Issues Relating to Members · · · Access to the list archives · · · Access to the list of members · · · Access to Subscribe to the Mailing List · · · Steps to restrict false impersonations · · · Security Features for Posting Messages · · · Access to unsubscribe and change settings · · · Visibility of the existence of the mailing list · · · Web Interface Access · · · Overview of Lyris List Manager Posting Security · · · Security Considerations of the From: field · · · Security Recommendations for Announcement lists · · · How Lyris List Manager Determines the Identity of the Person Posting · · Lyris List Manager Mail Merge · · The Lyris List Manager command line · · Modifying lyris.plc · Add-On Packages · Installing and Upgrading · Appendix · Frequently Asked Questions Web Interface Access Lyris List Manager supports a number of features for controlling access to the web interface. These features are: Name/password access Both the user and administrator portions of the web interface require a username and password. In the case of members, the username is always the email address. For administrators, a password is required. For users, the list administrator can decide whether passwords should be used at all, optional or required. Visitors The web interface supports the concept of a "visitor", which is a person who is not a member of the mailing list, but should nonetheless be given access to read the archives of the mailing list. "Visitors: yes/no" is a list administrator controlled setting, on a list-by-list basis. Http The web interface is a standard CGI script, and supports being run from within a secure web server, using SSL encryption. Doing this prevents the possibility of "packet sniffing" by outsiders who are trying to determine your passwords. Admin= You can specify the TCP/IP addresses who are allowed to access the Admin portion of the web interface. If the person connecting is not in the TCP/IP addresses specified (or range of TCP/IP addresses specified), the "admin" button does not appear, and they are not allowed to the admin login page if they try to use the direct URL. User= You can specify the TCP/IP addresses who are allowed to access the user portion of the web interface. If the person connecting is not in the TCP/IP addresses specified (or range of TCP/IP addresses specified), the web interface gives them a "you are not allowed" message and does not display any pages. Custom web interface The web interface is written in Perl and the complete source code is included. You are welcome to change the web interface to suit your needs. No royalties are paid to us and no permission need be requested of us in order to do this. Some people write just a few pages for subscribing and unsubscribing, and do not show their "public" users that the web interface even exists. Separate web interfaces You can install two copies of the web interface, using separate script names, separate virtual servers or even separate machines. By using the user=, admin= and "custom web interface" features described above, your users will only see the features that you want them to see.

Other pages which link to this page: Security Issues Relating to Members

Page 436 of 629