On 02/04/2014 03:03 PM, Peter Shute wrote:
> 
> I agree that convenience is often at the expense of security, but I feel that 
> this is just a side effect of something they've done with multitasking. The 
> cookies are supposed to expire if I close the browser, but I haven't. I've 
> only swapped to another program for a while. Safari is a native app, not a 
> random program off the internet.


The security issues are not with the browser software, but rather with
Cross Site Request Forgery attacks.


> As Mark said, this is an Apple problem, not a mailman problem. But if it has 
> become a permanent feature of iOS, and if lots of mailman administrators use 
> iOS, does it become a mailman problem?


And have you asked Apple about it?

As far as providing "relief" in Mailman in the form of persistent
cookies, I'm not inclined to do that in Mailman 2.1 because of the
potential CSRF implications. The login/security model for Mailman
3/Postorius is different, so this may or may not be an issue there.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/