[Mailman-Developers] Hashing member passwords in config.pck
Bob Puff at NLE
bob at nleaudio.com
Thu Feb 10 19:29:51 CET 2005
I've -always- disabled the monthly reminders, so that would be no great loss.
If we convert to one-way passwords, could the upgrade script convert the current passwords? It
would be a -big- deal if everyone had to reset their passwords.
Barry Warsaw wrote:
> I think CAN-2005-0202 gives us the opportunity to finally implement what
> we have long considered an embarrassing exposure in Mailman's config.pck
> databases. Member passwords are kept in this database in the clear.
> The obvious fix is to hash member passwords and keep only the hash in
> the database.
> We haven't changed this before now for two reasons:
> 1. We would have to regenerate all member passwords, which is an
> administrative burden. We might also need to implement checks to see if
> the passwords were cleartext or hashed and do the password comparison
> 2. This breaks all password reminders.
> To fully address CAN-2005-0202 we're recommending sites regenerate their
> member passwords anyway, so this gives us an opening to fix this
> properly. And we have a better internal password generator now too.
> As for #2, well, I think most people hate those password reminders
> anyway, and we've decided that they are going away for MM3. I don't
> think many people would shed too many tears if we killed off monthly
> password reminders for 2.1.6. Doing that would also eliminate the
> requirement for the site list, since its primary purpose is to function
> as the sender of the reminder messages.
> To do this for 2.1.6, we'd have to change the "Email My Password To Me"
> feature in the options page and in the member login page. These would
> have to become a "create a new password for me" feature. Also,
> crontab.in should not call mailpasswds anymore, or that script should
> turn into a simple "here's the lists you are on" reminder, without the
> password information in it. This will require i18n updates too.
> The downside to doing this now is that it's more coding work for 2.1.6
> and I'd like to get the new version out asap. Still, this seems like an
> opportunity that we shouldn't lightly dismiss.
> What do you all think? Is anybody willing to take a crack at a patch
> for this?
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/bob%40nleaudio.com
More information about the Mailman-Developers