[Mailman-Users] htdig patches and information leakage

Rupa Schomaker rupa-list at rupa.com
Sat Feb 22 12:53:12 CET 2003


One can choose to search any archive (even private ones) by
constructing the URL correctly.  In "Short" mode one can find subjects
for the private list.  In "Long" mode one can find excerpts from the
private list.  Viewing the actual message requires logging in.

It seems to me that a better solution is to use a proxy cgi-bin
program for htsearch that first checks to see if the list is private
and if so does the same auth check that the htdig does (just error if
not authenticated) or actually asks for login info...  If the user is
authenticated or if it is a public list, then just exec the htsearch
cgi program.

-- 
-rupa
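
A sketch of the proxy CGI check proposed in the message above, as an added example that is not part of the original post and is not code from Mailman or the htdig patches. It assumes htsearch picks the archive from a single `config` request parameter that maps to the list name; the `HTSEARCH` path, the `gate` function and the `is_private` / `is_authenticated` callables (stand-ins for Mailman's archive-privacy setting and its existing login check) are hypothetical names.

```python
import os
import re
import sys
from urllib.parse import parse_qs

HTSEARCH = "/usr/lib/cgi-bin/htsearch"            # assumed install path
LIST_RE = re.compile(r"[a-z0-9][a-z0-9._+-]*")    # conservative list-name shape

def gate(method, query_string, is_private, is_authenticated):
    """Return ("exec", listname) or ("deny", reason). Fails closed."""
    # Only inspect what we can see: a POST body would reach htsearch unchecked.
    if method != "GET":
        return ("deny", "bad-request")
    params = parse_qs(query_string, keep_blank_values=True)
    configs = params.get("config", [])
    # Exactly one selector, so the wrapper and htsearch cannot disagree
    # about which archive is being searched.
    if len(configs) != 1:
        return ("deny", "bad-request")
    listname = configs[0].lower()
    if not LIST_RE.fullmatch(listname):
        return ("deny", "bad-request")
    try:
        private = is_private(listname)
    except KeyError:
        return ("deny", "unknown-list")           # unknown lists are never searched
    if private and not is_authenticated(listname):
        return ("deny", "auth-required")
    return ("exec", listname)

# Constructed sample data standing in for Mailman's per-list settings.
SAMPLE_LISTS = {"announce": False, "staff": True}

def sample_is_private(name):
    return SAMPLE_LISTS[name]

def main():
    verdict, detail = gate(os.environ.get("REQUEST_METHOD", "GET"),
                           os.environ.get("QUERY_STRING", ""),
                           sample_is_private,
                           lambda name: False)    # placeholder: nobody is logged in
    if verdict == "exec":
        os.execv(HTSEARCH, [HTSEARCH])            # QUERY_STRING is inherited via environ
    sys.stdout.write("Status: 403 Forbidden\r\n"
                     "Content-Type: text/plain\r\n\r\n%s\n" % detail)

if __name__ == "__main__":
    main()
```

For this to close the leak, the web server must expose only the wrapper; the real htsearch binary has to be unreachable by direct URL.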



