Lyris User's Guide
[previous] [next] [contents]
Web Interface Access
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Web Interface Access

Lyris supports a number of features for controlling access to the Lyris web interface. These features are:

name/password access
Both the user and administrator portions of the Lyris web interface require a username and password. In the case of members, the username is always the email address. For administrators, a password is required, while for users, the list administrator can decide whether passwords should be used at all, should be optional, or should be required.

visitors
The Lyris web interface supports the concept of a "visitor", which is a person who is not a member of the mailing list, but should nonetheless be given access to read the archives of the mailing list. "Visitors: yes/no" is a list administrator controlled setting, on a list-by-list basis.

http
The Lyris web interface is a standard CGI script, and supports being run from within a secure web server, using SSL encryption. Doing this prevents the possibility of "packet sniffing" by outsiders who are trying to determine your passwords.

admin=
You can specify the TCP/IP addresses who are allowed to access the Admin portion of the Lyris web interface. If the person connecting is not in the TCP/IP addresses specified (or range of TCP/IP addresses specified), the "admin" button does not appear, and they are not allowed to the admin login page if they try to use the direct URL.

user=
You can specify the TCP/IP addresses who are allowed to access the user portion of the Lyris web interface. If the person connecting is not in the TCP/IP addresses specified (or range of TCP/IP addresses specified), the web interface gives them a "you are not allowed" message and does not display any pages.

custom web interface
The Lyris web interface is written in Perl, and the complete source code is included. You are welcome to change the Lyris web interface to suit your needs. No royalties are paid to us, and no permission need be requested of us in order to do this. Some people write just a few pages for subscribing and unsubscribing, and do not show their "public" users that the Lyris web interface even exists.

separate web interfaces
You can install two copies of the Lyris web interface, using separate script names, separate virtual servers, or even separate machines. By using the user=, admin= and "custom web interface" features described above, your users will only see the features that you want them to see.

Other pages which link to this page:
  • Security Issues Relating to Members
  • Page 394 of 556