[Mailman-Developers] mass subscribe bug

Scott scott@chronis.pobox.com
Sat, 13 Jun 1998 20:04:35 -0400


On Sat, Jun 13, 1998 at 03:38:13PM -0700, John Viega wrote:
| On Sat, Jun 13, 1998 at 05:22:25PM -0400, Scott wrote:
| > I saw this error once in another context (still with mailman and
| > cookies, but with the "private" cgi).
| 
| Hmm, I've heard of this error from two different people now, and one
| of them mentioned it was transient.  Sometimes it happened...  I don't
| think it involved IE on a mac.
| 
| > cookie, or there is something about the way that the base64 module
| > encodes and decodes that won't work with http.  Since I've only seen
| > the error on what i consider a questionable browser i suspect that
| > it's the browser's fault.
| 
| Why are you using base64 encoding, anyway?  If it's a "privacy"
| matter, anyone who reads your cookie can forge the same cookie, no?
| If so, might as well just use plaintext if it's going to be an
| heisenbug this way.

i was following the example in the "private" script.  i don't think
base64 is necessary, but would think that some kind of encoding makes
it safer -- if only because it looks random.  md5 is another option
for that, but it produces lots of characters that need special http
escaping.  i'm not sure whether or not base64 has the same problem.
perhaps plaintext or a simple hash is in order?

scott
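
Added example, not part of the original message and not Mailman's code: it illustrates the two points raised in this thread, that a base64 cookie is keyless and therefore reproducible by anyone, and that standard base64 output can contain characters needing HTTP escaping. The keyed HMAC tag and URL-safe alphabet are a technique swapped in here as the usual fix; the key, function names and sample values are constructed assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client


def b64url(raw: bytes) -> str:
    """URL-safe base64 without '=' padding: only A-Z a-z 0-9 '-' '_'."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64_cookie(value: str) -> str:
    """The scheme discussed in the thread: reversible, no key involved."""
    return base64.b64encode(value.encode()).decode()


def needs_http_escaping(token: str) -> bool:
    """Standard base64 may emit '+', '/' and '=', which are unsafe unescaped."""
    return any(c in "+/=" for c in token)


def sign_cookie(value: str, key: bytes = SECRET) -> str:
    """Cookie = value '.' HMAC-SHA256(key, value), both URL-safe base64."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return b64url(value.encode()) + "." + b64url(tag)


def verify_cookie(cookie: str, key: bytes = SECRET):
    """Return the value if the tag verifies under `key`, else None."""
    try:
        body, tag = cookie.split(".")
        # Restore the padding stripped by b64url() before decoding.
        value = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        got = base64.urlsafe_b64decode(tag + "=" * (-len(tag) % 4))
    except ValueError:  # wrong field count or malformed base64
        return None
    want = hmac.new(key, value, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(got, want):
        return None
    return value.decode()


if __name__ == "__main__":
    plain = b64_cookie("list-admin")   # constructed sample value
    signed = sign_cookie("list-admin")
    print(plain, needs_http_escaping(plain))
    print(signed, needs_http_escaping(signed), verify_cookie(signed))
```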