[Mailman-developers] access to admin pages

Scott scott@chronis.pobox.com
Fri, 24 Apr 1998 03:18:27 -0400


I have a little concern about the ability to access administrative
pages via the web without password confirmation.

There are a number of pieces of displayed information that could lead
spammers to view these pages and figure out how to spam lists.  For
example, anyone can get access to whether a list accepts posts from
anyone.  Anyone can gain access to specific anti-spam measures a list
has configured; anyone can gain access to bounce control measures
about a list and determine whether or what kind of out-of-service
attack may be possible.

For all these reasons, and for the sake of the design of the
administrative CGI script, it seems that it may be a good idea to
stick the entire interface behind a single login and use cookies from
there to allow access.

The reason this seems better from a design point of view of the admin
script is that I recently spent a good deal of time adding a separate
type of authentication to one section.  It was quite complicated, as
the script was designed for authentication only when changes were
requested.  As more different things develop under the administrative
interface, some of them will require authentication for viewing and
some won't.  Changing around the authentication scheme every time will
involve work.  It would be much simpler just to have one login at the
onset and to use cookies from there.

Thoughts?

scott
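The scheme proposed in the message above (one password login for the whole admin interface, then a cookie that every admin page checks, read-only pages included) sketched as an added example. This is not code from the original message nor from Mailman itself; the cookie name, the signing key, the session lifetime, the /admin/<list>/<action> path layout, the PBKDF2 password storage and the sample list "testlist" with password "s3cret" are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed values for the example; none of these are Mailman's.
COOKIE_SECRET = secrets.token_bytes(32)  # server-wide key that signs session cookies
SESSION_TTL = 3600                       # seconds a login stays valid
COOKIE_NAME = "mailman-admin"            # cookie carrying the session


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme: salted PBKDF2-SHA256 of the list admin password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: one list whose admin password is "s3cret".
_SALT = secrets.token_bytes(16)
LIST_PASSWORDS = {"testlist": (_SALT, _hash_password("s3cret", _SALT))}


def check_list_password(listname: str, password: str) -> bool:
    """Constant-time comparison of the supplied password against the stored hash."""
    entry = LIST_PASSWORDS.get(listname)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(_hash_password(password, salt), stored)


def make_session_cookie(listname: str, now: float) -> str:
    """Issue 'listname:expiry:mac'.  The list name is part of the signed payload,
    so a cookie obtained for one list does not open another list's admin pages."""
    expiry = int(now) + SESSION_TTL
    payload = f"{listname}:{expiry}"
    mac = hmac.new(COOKIE_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def verify_session_cookie(cookie: str, listname: str, now: float) -> bool:
    """Accept only an unexpired, untampered cookie issued for exactly this list."""
    try:
        name, expiry_s, mac = cookie.rsplit(":", 2)
        expiry = int(expiry_s)
    except (ValueError, AttributeError):
        return False
    if name != listname or now >= expiry:
        return False
    expected = hmac.new(COOKIE_SECRET, f"{name}:{expiry}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_admin_request(method: str, path: str, cookies: dict,
                         form: dict, now: float) -> dict:
    """Gate every /admin/<list>/... request behind the single login.

    Only the 'login' action accepts a password.  Every other page, including
    read-only views such as privacy or bounce settings, needs a valid cookie,
    so nothing about a list's configuration is shown before authentication."""
    parts = path.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "admin":
        return {"status": 404, "body": "not found"}
    listname = parts[1]
    action = parts[2] if len(parts) > 2 else "overview"

    if action == "login":
        if method == "POST" and check_list_password(listname, form.get("adminpw", "")):
            return {"status": 303, "body": "", "location": f"/admin/{listname}/",
                    "set_cookie": make_session_cookie(listname, now)}
        # Unknown list and wrong password get the same answer: no list enumeration.
        return {"status": 403, "body": "login required"}

    if not verify_session_cookie(cookies.get(COOKIE_NAME, ""), listname, now):
        return {"status": 401, "body": "login required"}

    return {"status": 200, "body": f"{listname}: {action} page"}


if __name__ == "__main__":
    denied = handle_admin_request("GET", "/admin/testlist/privacy", {}, {}, 1000.0)
    login = handle_admin_request("POST", "/admin/testlist/login", {},
                                 {"adminpw": "s3cret"}, 1000.0)
    allowed = handle_admin_request("GET", "/admin/testlist/privacy",
                                   {COOKIE_NAME: login["set_cookie"]}, {}, 1500.0)
    print(denied["status"], login["status"], allowed["status"])
```

The point the check enforces is the one the message makes: authentication happens once, at entry, and the cookie check sits in front of the whole script rather than only in front of the actions that change something, so adding a new admin page never requires touching the authentication code again.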