I have a little concern about the ability to access administrative pages via the web without password confirmation.
There are a number of pieces of displayed information that could lead spammers to view these pages and figure out how to spam lists. For example, anyone can get access to whether a list accepts posts from anyone; anyone can gain access to specific anti-spam measures a list has configured; anyone can gain access to bounce control measures about a list and determine whether or what kind of out of service attack may be possible.
For all these reasons, and for the sake of the design of the administrative CGI script, it seems that it may be a good idea to stick the entire interface behind a single login and use cookies from there to allow access.
The reason this seems better from a design point of view of the admin script is that I recently spent a good deal of time adding a separate type of authentication to one section. It was quite complicated, as the script was designed for authentication only when changes were requested. As more different things develop under the administrative interface, some of them will require authentication for viewing and some won't. Changing around the authentication scheme every time will involve work. It would be much simpler just to have one login at the onset and to use cookies from there.
Thoughts?
Scott
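The single-login-then-cookie design proposed above, as an added example that is not Scott's code nor the list software's own. It assumes a per-server signing secret (`SESSION_SECRET`), a PBKDF2-hashed admin password stored per list, and a cookie named `admin_session`; all three are constructed assumptions. The point it demonstrates is that every admin page, including the read-only ones that expose anti-spam and bounce settings, goes through one gate: a valid signed cookie or a correct password on the login form, nothing else.

```python
import hashlib
import hmac
import os
import time

# Constructed assumptions: a per-process signing key and a one-hour session.
SESSION_SECRET = os.urandom(32)
SESSION_TTL = 3600  # seconds a login cookie stays valid


def hash_password(password, salt=None):
    """PBKDF2-SHA256 hash of the list admin password, as 'salt$hexdigest'."""
    salt = salt or os.urandom(16).hex()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 200_000)
    return f"{salt}${digest.hex()}"


def check_password(password, stored):
    """Constant-time comparison against the stored 'salt$hexdigest' value."""
    salt, _ = stored.split("$", 1)
    return hmac.compare_digest(hash_password(password, salt), stored)


def issue_cookie(listname, now=None):
    """Build a signed login token: listname|expiry|HMAC(listname|expiry)."""
    expiry = int((now or time.time()) + SESSION_TTL)
    payload = f"{listname}|{expiry}"
    sig = hmac.new(SESSION_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_cookie(cookie, listname, now=None):
    """True only if the signature, the list name and the expiry all check out."""
    try:
        name, expiry, sig = cookie.split("|")
    except (AttributeError, ValueError):
        return False
    payload = f"{name}|{expiry}"
    expected = hmac.new(SESSION_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False  # forged or tampered token
    if name != listname:
        return False  # a login for one list does not open another list's pages
    return int(expiry) > (now or time.time())


def admin_gate(listname, stored_hash, cookie=None, form=None, page="overview"):
    """Single entry point for every admin page, read-only ones included.

    Returns (status, headers, body). A page is rendered only after the cookie
    check passes; a correct password on the login form issues the cookie.
    Anything else gets the login form, so no configuration details leak.
    """
    if verify_cookie(cookie, listname):
        return 200, {}, f"<admin page {page} for {listname}>"
    if form and check_password(form.get("adminpw", ""), stored_hash):
        token = issue_cookie(listname)
        headers = {"Set-Cookie": f"admin_session={token}; HttpOnly; Secure; Path=/admin"}
        return 200, headers, f"<admin page {page} for {listname}>"
    return 401, {}, "<login form>"


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print(admin_gate("mylist", stored, page="bounce"))                 # login form
    status, hdrs, _ = admin_gate("mylist", stored, form={"adminpw": "correct horse"})
    token = hdrs["Set-Cookie"].split("=", 1)[1].split(";")[0]
    print(admin_gate("mylist", stored, cookie=token, page="bounce"))   # served
```

Because the gate runs before any page is chosen, adding a new admin section later needs no new authentication code: the per-section check that was so much work to bolt on is replaced by one check at the entrance, and the only per-list decision left is whether the token was issued for this list.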