Re: [Mailman-Developers] Cookie security hole in admin interface

[Gerhard Gonter]
> Harald Meland writes:
>> As the extra complexity added by having to save session state on the server side (i.e. have Mailman keep track of session IDs) is rather large, and [...]
> In a local CGI application, we are storing cookies in an LDAP server which would be an excellent supplement for Mailman anyway.

True -- I was only saying that for fixing the hole, such a major job would take too much time. For post-1.0 LDAP support might at some time be nice (although it would have to be a purely optional thing, of course).

> User database and some other things might be stored there. I toyed around with that idea in conjunction with our old Listprocessor but gave up on that because the Listprocessor is such a mess.

Maybe generalizing the interface for storing state in Mailman is something to think about. If we had such a thing, we could have a "marshal-dump to/from local file" subclass, an "LDAP-query" subclass, and so on...

I think many of the other things we have put off until after 1.0 will have priority, though.
Harald
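An added sketch of the two ideas in this message, server-side session state keyed by an unguessable ID and a pluggable state-store interface with a "marshal-dump to/from local file" backend (example code written for this post, not Mailman's own; `StateStore`, `MarshalFileStore`, `SessionManager` and `demo` are assumed names):

```python
import marshal
import os
import secrets
import tempfile

class StateStore:  # backends (marshal file, LDAP query, ...) subclass this
    def load(self):
        raise NotImplementedError
    def save(self, state):
        raise NotImplementedError

class MarshalFileStore(StateStore):
    """The 'marshal-dump to/from local file' backend from the thread."""
    def __init__(self, path):
        self.path = path
    def load(self):
        if not os.path.exists(self.path):
            return {}
        with open(self.path, "rb") as fp:
            return marshal.load(fp)  # trusted local file only; never unmarshal client data
    def save(self, state):
        tmp = self.path + ".tmp"
        with open(tmp, "wb") as fp:
            marshal.dump(state, fp)
        os.replace(tmp, self.path)  # atomic swap: no half-written file after a crash

class SessionManager:
    """Server-side session state: the cookie carries only an unguessable ID."""
    def __init__(self, store, ttl=3600):
        self.store, self.ttl = store, ttl
    def create(self, listname, now):
        sid = secrets.token_hex(16)  # 128 random bits; no list name or password in the cookie
        state = self.store.load()
        state[sid] = {"list": listname, "expires": now + self.ttl}
        self.store.save(state)
        return sid
    def lookup(self, sid, now):
        state = self.store.load()
        entry = state.get(sid)
        if entry is None or entry["expires"] <= now:
            if state.pop(sid, None) is not None:  # drop the expired record
                self.store.save(state)
            return None
        return entry["list"]

def demo(now=1000.0):
    # constructed run on a temp file: (valid lookup, unknown id, expired id)
    mgr = SessionManager(MarshalFileStore(os.path.join(tempfile.mkdtemp(), "sessions.db")), ttl=60)
    sid = mgr.create("announce", now)
    return mgr.lookup(sid, now + 30), mgr.lookup("bogus", now + 30), mgr.lookup(sid, now + 61)
```

Swapping in an LDAP-backed `StateStore` subclass would leave `SessionManager` untouched, which is the point of the generalized interface.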