
Dave Dewey wrote:
Quoting Dave Dewey (ddewey@cyberthugs.com):
Here's the issue I can't solve. It is clear that SOME user passwords in the list's config.pck file are encrypted, and some aren't. This is within the SAME config.pck; I'm only running one list. When using 'dumpdb' to investigate the users' email/passwords, some of the passwords are definitely clear text. However, others (including all of my own, for various test subscriptions) are encrypted.
More info: it appears that only passwords that were chosen at time of subscription are encrypted. If a user then goes in and changes the password, it is stored unencrypted in config.pck.
Are you sure they are encrypted and not just encoded (e.g. unicode)?
What do you see in monthly password reminders?
I looked through the code somewhat, particularly the code that produces password reminders, and I can't see anywhere where there is any encryption/decryption of passwords going on.
--
Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan