password handling in MM3
Hi, when subscribing a user or creating a list in Mailman 3.0 we need to implement the use of a password for security reasons. Later the same password will be used for logging in to the settings pages. At the moment passwords are not handled at all, which is why I filed bug #600780 (see [1]). However, we're not sure how to handle the passwords at the moment and would like your help with ideas and possible ways to implement this, which is why I want to start a discussion about the password handling/login function. What do we need to think of and how should this best be dealt with?
Thanks, Anna
[1] https://bugs.launchpad.net/mailman/+bug/600780
--On 9 July 2010 12:11:50 +0200 Anna Granudd <anna.granudd@gmail.com> wrote:
Most importantly, passwords must be securely hashed, so that they can't be read by the site or list admins, or by third parties.
That means that password resets must be offered to users, instead of password reminders.
Also, for sites like mine, it would be nice to have more than one password store. For example, I'd like to have users with addresses in the sussex.ac.uk domain authenticated against my current LDAP db, but non-local users authenticate against some other db (perhaps a different branch of the LDAP tree, but perhaps something local).
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.ac.uk
Security Policy: http://wiki.list.org/x/QIA9
-- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/
Ian Eiloart wrote:
Agreed, passwords must be securely hashed. No one should be able to reverse the hash to derive a password. I too would like to have multiple authentication stores, whether via LDAP or intrinsic to default Mailman. Likewise, I would also like to have multiple membership stores: obviously the default intrinsic Mailman member store, but also LDAP, database, etc. Optimally, if both multiple password/member stores are combined, when a member authenticates, the member is looked up in the appropriate password/member store for validity, whether it be LDAP, a database, or Mailman intrinsic. Likewise, a posting to a list should send a message to members listed in all password/member stores associated with the list.
Thanks, Chris
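Ian's and Chris's points above (store only a salted hash so admins cannot read passwords, offer resets rather than reminders, and pick the authentication store by address domain) as one added Python example. This is not Mailman code; the LDAP backend is a stub standing in for a real directory, and all addresses and passwords are constructed sample data.

```python
import hashlib, hmac, os, secrets

class LocalStore:
    """Mailman-intrinsic store: keeps salt + PBKDF2 digest, never the password."""
    ITERATIONS = 200_000
    def __init__(self):
        self._records = {}       # address -> (salt, digest)
        self._reset_tokens = {}  # one-time token -> address
    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def set_password(self, address, password):
        salt = os.urandom(16)  # fresh random salt per password
        self._records[address] = (salt, self._digest(password, salt))

    def verify(self, address, password):
        rec = self._records.get(address)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(self._digest(password, salt), digest)  # constant time

    def start_reset(self, address):
        """Resets, not reminders: the hash can't be reversed, so issue a one-time token."""
        if address not in self._records:
            return None
        token = secrets.token_urlsafe(32)
        self._reset_tokens[token] = address
        return token

    def finish_reset(self, token, new_password):
        address = self._reset_tokens.pop(token, None)  # token is single-use
        if address is None:
            return False
        self.set_password(address, new_password)
        return True

class StubLdapStore:
    """Stand-in for a site directory; a real one would bind to LDAP instead."""
    def __init__(self, accounts):
        self._accounts = accounts  # constructed sample data, not a real directory
    def verify(self, address, password):
        return self._accounts.get(address) == password

class Authenticator:
    """Route each login to the store configured for the address's domain."""
    def __init__(self, default_store, by_domain):
        self.default_store, self.by_domain = default_store, by_domain
    def authenticate(self, address, password):
        domain = address.rpartition("@")[2].lower()
        return self.by_domain.get(domain, self.default_store).verify(address, password)
```

The reset token would be mailed to the member; because only the digest is stored, there is nothing to "remind" them of.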
Whatever else you do, include OpenID client support. Look at Armin Ronacher's Flask-OpenID extension for how to do it. That's just passwd and authentication, of course. There's still authorization to think through.
-larry
participants (4)
- Anna Granudd
- C Nulk
- Ian Eiloart
- larryt@winfirst.com