diff --git a/contrib/enable_webschleuder.rb b/contrib/enable_webschleuder.rb
old mode 100644
new mode 100755
index 32e20c6..f72dd94
--- a/contrib/enable_webschleuder.rb
+++ b/contrib/enable_webschleuder.rb
@@ -40,17 +40,18 @@ class EnableWebschleuder
 def self.usage
 puts "Usage:
-#{File.basename($0)} listname password (-encrypted) (-override)"
+#{File.basename($0)} listname [-encrypted] [-override]"
 exit 1
 end
 end
 listname = ARGV.shift
-password = ARGV.shift
-EnableWebschleuder.usage unless listname and password
+EnableWebschleuder.usage unless listname
 encrypted = override = false
 while nextarg = ARGV.shift
 encrypted = (nextarg == '-encrypted') unless encrypted
 override = (nextarg == '-override') unless override
 end
-EnableWebschleuder.enable(listname,password,encrypted,override)
+print "Password for list" + listname + '' if STDIN.fcntl(Fcntl::F_GETFL, 0) != 0
+password = gets
+EnableWebschleuder.enable(listname,password.chomp,encrypted,override)
diff --git a/webschleuder.rb b/webschleuder.rb
index c90db2f..6259836 100755
--- a/webschleuder.rb
+++ b/webschleuder.rb
@@ -23,8 +23,8 @@ require 'webschleuder/errors'
 module Webschleuder
- set :secret, Webschleuder::Models::WebConfig.loadconfig.session_secret
 include Camping::Session
+ secret Webschleuder::Models::WebConfig.loadconfig.session_secret
 def r404(path)
 "Sorry, but I can't find #{path}."
diff --git a/webschleuder/controllers.rb b/webschleuder/controllers.rb
index c84348c..4e85625 100755
--- a/webschleuder/controllers.rb
+++ b/webschleuder/controllers.rb
@@ -21,7 +21,7 @@ module Webschleuder::Controllers
 end
 end
- class Login < R '/([^/]*)/login'
+ class Login < R '/schleuder/([^/]*)/login'
 def get(listname)
 prepare
 @myself = self
@@ -48,7 +48,7 @@ module Webschleuder::Controllers
 end
 end
- class Logout < R '/([^/]*)/logout'
+ class Logout < R '/schleuder/([^/]*)/logout'
 def get(listname)
 return unless authenticate
 $list = nil
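Review bot: In the enable_webschleuder.rb hunk, `password.chomp` in the last added line raises NoMethodError when stdin is closed or at EOF, because `gets` returns nil there, and an empty line is passed on as an empty password where the old usage check at least required the argument. Read with `password = STDIN.gets.to_s.chomp` and add `EnableWebschleuder.usage if password.empty?` before the call to `enable`. On a terminal the typed password is also echoed; `STDIN.noecho(&:gets)` from `io/console` avoids that where the Ruby version in use provides it. The prompt condition relies on `Fcntl`, and no `require 'fcntl'` is visible in this hunk, so confirm it is loaded earlier in the file; if the intent is to detect an interactive stdin, `STDIN.tty?` states that directly.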
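Review bot: In the webschleuder.rb hunk, `session_secret` is handed to `secret` without a check that the configuration actually provides one; if `loadconfig` can return nil or an empty string here, session state would be protected by a missing or guessable key. Unless WebConfig already enforces this (not visible in the hunk), fail at load time with `raise 'session_secret is not set' if Webschleuder::Models::WebConfig.loadconfig.session_secret.to_s.empty?` placed before the `secret` line. Whether `secret` has to follow `include Camping::Session` depends on the Camping version in use, so a one-line comment stating that ordering requirement would help the next reader.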
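Review bot: The `/schleuder` prefix is hard-coded in the `Login` route of controllers.rb and again in the `Logout`, `ListIndex`, `Index`, `Users`, `Listconfig`, `Keys` and `Password` hunks, and `prepare` in helpers.rb strips the same literal before deriving the list name. If the two ever disagree, `prepare` would read the wrong path segment as the list name, so define the prefix once, e.g. `PREFIX = '/schleuder'`, and build both the routes and the `gsub` pattern from it (`R "#{PREFIX}/([^/]*)/login"`). The class bodies continue outside these hunks.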
@@ -60,7 +60,7 @@ module Webschleuder::Controllers
 end
 end
- class ListIndex < R '/([^/?]+)'
+ class ListIndex < R '/schleuder/([^/?]+)'
 def get(listname)
 return unless authenticate
 @myself = self
@@ -69,7 +69,7 @@ module Webschleuder::Controllers
 end
 end
- class Index < R '/'
+ class Index < R '/schleuder/'
 def get()
 prepare
 # catch get-params from startpage-jumpform
@@ -83,7 +83,7 @@ module Webschleuder::Controllers
 end
 end
- class Users < R '/([^/]*)/users'
+ class Users < R '/schleuder/([^/]*)/users'
 def get(listname)
 return unless authenticate
 @users = User.loadusers
@@ -123,7 +123,7 @@ module Webschleuder::Controllers
 end
 end
- class Listconfig < R '/([^/]*)/listconfig'
+ class Listconfig < R '/schleuder/([^/]*)/listconfig'
 def get(listname)
 return unless authenticate
 @config = SchleuderConfig.loadlistconfig
@@ -162,7 +162,7 @@ module Webschleuder::Controllers
 end
 end
- class Keys < R '/([^/]*)/keys', '/([^/]*)/keys/([^/]*)', '/([^/]*)/keys/([^/]*)/(.*)'
+ class Keys < R '/schleuder/([^/]*)/keys', '/schleuder/([^/]*)/keys/([^/]*)', '/schleuder/([^/]*)/keys/([^/]*)/(.*)'
 def get(listname, action=nil, keyid=nil)
 return unless authenticate
 case action
@@ -238,7 +238,7 @@ module Webschleuder::Controllers
 end
 end
- class Password < R '/([^/]*)/password'
+ class Password < R '/schleuder/([^/]*)/password'
 def get(listname)
 return unless authenticate
diff --git a/webschleuder/helpers.rb b/webschleuder/helpers.rb
index 3aafedc..2f619cd 100755
--- a/webschleuder/helpers.rb
+++ b/webschleuder/helpers.rb
@@ -1,3 +1,4 @@
+require "rack/utils"
 module Webschleuder::Helpers
 def prepare
@@ -7,16 +8,14 @@ module Webschleuder::Helpers
 # TODO: further input parsing (against XSS etc.)
 #
 # what does the request look like?
- request = @env['REQUEST_URI'].split('/')
- # throw away first element as it is empty
- request.shift
+ request = @env['REQUEST_URI'].gsub(/^\/schleuder\//,'').split('/')
 $appconf = Webschleuder::Models::SchleuderConfig.loadconfig
 $webappconf = Webschleuder::Models::WebConfig.loadconfig
 @state.flash = {:info => [], :error => []} unless @state.flash.is_a?Hash
- listname = request.first || ''
+ listname = Rack::Utils.unescape(request.first || '')
 listdir = File.join($appconf.lists_dir, listname)
 if !listname.empty? and File.directory?(listdir)
diff --git a/webschleuder/webschleuder_config.rb b/webschleuder/webschleuder_config.rb
index 08f595b..b89004f 100644
--- a/webschleuder/webschleuder_config.rb
+++ b/webschleuder/webschleuder_config.rb
@@ -47,7 +47,7 @@ module Webschleuder
 private
 def _write(data,filename)
- if File.open(filename, 'w') { |f| f << data }
+ if File.open(filename, File::WRONLY|File::CREAT, 0600) { |f| f << data }
 true
 else
 false
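Review bot: In the helpers.rb `prepare` hunk, the added `Rack::Utils.unescape` runs after the URI has been split on `/`, so a percent-encoded separator or a `..` segment ends up inside `listname`, and `File.join($appconf.lists_dir, listname)` can then resolve outside `lists_dir`. Restrict the decoded name before building the path, for example `listname = '' unless listname =~ /\A[A-Za-z0-9][A-Za-z0-9._@-]*\z/` (the allowed character set is an assumption; align it with the list names schleuder accepts). The new `gsub` pattern should be anchored with `\A` rather than `^`, and `REQUEST_URI` may still carry a query string that this split does not remove. `prepare` continues beyond the hunk, so how an empty name is handled further down needs checking.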
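Review bot: The new `File.open` flags in `_write` (webschleuder_config.rb) omit `File::TRUNC`, which the old `'w'` mode implied, so writing shorter data over an existing file leaves the tail of the previous content in place. The `0600` argument also applies only when the file is created; a file that already exists keeps whatever permissions it had. Use `File.open(filename, File::WRONLY|File::CREAT|File::TRUNC, 0600) { |f| f.chmod(0600); f << data }`. The rest of `_write` lies outside the hunk.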