[Mailman-Developers] Hashing member passwords in config.pck
Bob Puff
bob at nleaudio.com
Fri Feb 11 05:44:34 CET 2005
I'm all for the password-less stuff, but then how do you authenticate for
members-only archives? I've got big lists that must be members-only for the
archives.
Bob
---------- Original Message -----------
From: Tokio Kikuchi <tkikuchi at is.kochi-u.ac.jp>
To: John Dennis <jdennis at redhat.com>
Cc: mailman-developers at python.org, Barry Warsaw <barry at python.org>
Sent: Fri, 11 Feb 2005 09:29:58 +0900
Subject: Re: [Mailman-Developers] Hashing member passwords in config.pck
> Hi,
>
> John Dennis wrote:
>
> > My suggestion would be:
> >
> > 1) As soon as possible post MM 2.1.6 with the security patch.
>
> +1
>
> >
> > 2) Quickly follow up with MM 2.1.7 with the member passwords hashed.
>
> I would suggest 'mailman 2.2' and introduce password-less membership.
> Most of the user operations should be done by confirmation string
> sent by email message. Users can optionally have their passwords
> which should be stored in hashed format.
>
> Other 2.2 features I imagine are:
> - Languages are selectable at configure option.
> - Internal strings are unified to unicode to reduce type checking.
> - Utf-8 web pages for
>
> > At
> > the same time I think we should implement the stronger password
> > generation suggested in this open advisory against mailman.
> >
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-1143
> >
> This has been integrated in 2.1.6 CVS.
>
> --
> Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
> http://weather.is.kochi-u.ac.jp/
>
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/bob%40nleaudio.com
------- End of Original Message -------
More information about the Mailman-Developers
mailing list