[Mailman-Developers] Re: Is MM cookie auth 'secure' thru HTTP proxy servers?
Barry A. Warsaw
barry@zope.com
Fri, 26 Apr 2002 21:06:12 -0400
>>>>> "RB" == Richard Barrett <R.Barrett@ftel.co.uk> writes:
RB> Further to what I said before (see below), I now enclose a
RB> patch to correct the problem. The patch is to the
RB> WebAuthenticate function in Mailman.SecurityManager. It adopts
RB> the simple hypothesis that if you are setting or checking a
RB> cookie then the response about to be made shouldn't be cached.
Thanks Richard.
I don't think the patch is quite right but it's close. I can't
produce a diff right now (I'm replying to this while off-line) but
I'll generate patches against MM2.0.10 and MM2.1cvs when I get a
chance.
What do folks think, does this warrant a 2.0.11 release?
-Barry