Security of the Web Interface

Aurea List Manager supports a number of features for controlling access to the web interface. These features are:

Name/password access

Both the user and administrator portions of the web interface require a username and password. In the case of members, the username is always the email address. For administrators, a password is required. For users, the list administrator can decide whether passwords should be used at all, optional or required.

Administrator Interface

The administrator web interface requires a user name and password. Server administrators may restrict other admins to particular areas of the interface by assigning them the appropriate administrative role or by using permission groups to allow or deny access to particular pages.

Limit by TCP/IP Address

Access to the interface may also be restricted by IP address; see Utilities: Administration: Server: Server Settings: Security: Web for more information.

Administration Web Server

Some security-minded administrators may wish to protect access to the ListManager web interface by putting it behind a firewall, and then install a stripped-down ListManager web server to process tracking and other user events.

Access to List Archives

By default, the messages sent through a list are visible in the Discussion Forum Interface to both members and visitors. To restrict visibility of these archives, change the settings in Utilities: List Settings: Discussion Forum Interface: Message Reading: List Visibility.

Note

if you do not require your members to have passwords, then non-members may be able to get their way into your mailing list and read the archives if they know just the email address of a member on your list.

If this concerns you, you can set your mailing list to require member passwords. List members can have a link to reset their password emailed to them by going to the Discussion Forum Interface. If they fail to log in to the My Forums tab, they have a link to reset the password emailed to them.

List admins can have a link to reset their password emailed to them if they fail to log into the admin interface.

Custom Web Interface

The web interface is written in Tcl and the complete source code is included. You are welcome to change the web interface to suit your needs. No royalties are paid to us and no permission need be requested of us in order to do this. Some people write just a few pages for subscribing and unsubscribing, and do not show their "public" users that the Aurea List Manager web interface even exists.