The installation of mailman that I'm using has the monthly sending of password reminders as the default setting.
This led to some discussion with members of one of my mailman lists.
It seems very odd that mailman sends clear-text passwords through e-mail. The use of one-way hashing passwords has been known a long time - Unix version 6 that came out in 1975 already had crypt that was used for one-way encryption of passwords.
Does anybody know why mailman stores passwords in clear text?
I imagine that, back in the '90s, when majordomo was written, it seemed an OK thing to do because nobody thought that all their email was being read - now that everybody knows that e-mail is entirely unsafe, it seems odd that mailman still does this.
Are there any plans to tighten the security up?
On 8/1/2014 9:11 AM, Peter Brooks wrote:
Does anybody know why mailman stores passwords in clear text?
Because it was easy?
http://wiki.list.org/display/DOC/Mailman+2.1+Members+Manual 6 Passwords Do NOT use a valuable password for Mailman, since it can be sent in plain text to you.
Are there any plans to tighten the security up? http://wiki.list.org/display/DEV/Mailman+3.0
Later,
z!
Thank you, yes, I see, I should have researched further before asking.
On 2 August 2014 03:08, Ed Kaler <shop@justbrits.com> wrote:
<< On 8/1/2014 11:11 AM, Peter Brooks wrote:
Does anybody know why mailman stores passwords in clear text? ??
Peter, just use the "Archives" link a bottom and search last month <G>.
Enough info to last you a month <VBG>.
Ed " Just Brits "
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/peter.brooks%40kchclin...
participants (3)
-
Carl Zwanzig -
Ed Kaler -
Peter Brooks