[Mailman-Developers] Re: Is MM cookie auth 'secure' thru HTTP proxy servers?

Fri, 26 Apr 2002 21:06:12 -0400

>>>>> "RB" == Richard Barrett <R.Barrett@ftel.co.uk> writes:

    RB> Further to what I said before (see below), I now enclose a
    RB> patch to correct the problem. The patch is to the
    RB> WebAuthenticate function in Mailman.SecurityManager. It adopts
    RB> the simple hypothesis that if you are setting or checking a
    RB> cookie then the response about to be made shouldn't be cached.

Thanks Richard.

I don't think the patch is quite right but it's close.  I can't
produce a diff right now (I'm replying to this while off-line) but
I'll generate patches against MM2.0.10 and MM2.1cvs when I get a
chance.

What do folks think, does this warrant a 2.0.11 release?

-Barry