[Mailman-Developers] Cookie security hole in admin interface
Gerhard Gonter
gonter@maestria.wu-wien.ac.at
Mon, 14 Jun 1999 10:20:30 +0200 (MES)
Harald Meland writes:
> As the extra complexity added by having to save session state on the
> server side (i.e. have Mailman keep track of session IDs) is rather
> large, and [...]
In a local CGI application, we are storing cookies in an LDAP server
which would be an excellent supplement for Mailman anyway. User
database and some other things might be stored there. I toyed around
with that idea in conjunction with our old Listprocessor but gave
up on that because the Listprocessor is such a mess.
+gg
--
Gerhard.Gonter@wu-wien.ac.at Fax: +43/1/31336/702 g.gonter@ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria