Tokio Kikuchi has proposed merging lp:~tkikuchi/mailman/form-lifetime into lp:mailman/2.1.
Requested reviews: Mark Sapiro (msapiro) For more details, see: https://code.launchpad.net/~tkikuchi/mailman/form-lifetime/+merge/64107 Setting lifetime for input forms is useful in protecting lists and user settings from cross-site request forgery (CSRf). The form generation time is set by a hidden parameter whose value is calculated following the mailman cookie algorithm. The default lifetime is set 1 hour in Default.py thus configurable by a site administrator. If a password is set in request, authorization cookie is discarded so the password authentication is forced. This code has been in operation for more than a month on my sites and is considered to be stable. -- https://code.launchpad.net/~tkikuchi/mailman/form-lifetime/+merge/64107 Your team Mailman Checkins is subscribed to branch lp:mailman/2.1. _______________________________________________ Mailman-checkins mailing list Mailman-checkins@python.org Unsubscribe: http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
