[Mailman-Developers] Big checkins a'comin'!

Jeb Bateman jeb@ocha.net
Thu, 15 Feb 2001 09:45:10 -0800


J C Lawrence wrote:
> 
> Don't go there.  The way to handle this, for both admin and user
> passwords is that either an admin or a user may request a new
> password, whereupon a confirm token is emailed to their address with
> the confirm token embedded in an URL.  They can then visit the URL
> thus having (marginally) demonstrated that they are who they say
> they are, and set a *NEW* password.

Exactly.  I'm tired of user passwords being stored in plain text.  It
makes me nervous about security.  Here's an idea...  Mailman's random
passwords can be stored in plain text, no big deal.  However, when a
user specifies their *own* password, that is stored in crypt (or sha1,
if the string is reasonably short).  The authentication code simply
checks the crypted hash of the supplied password first, and then falls
back to a plain text check.  Thus, password reminders still work, since
they simply send the hash of a user's password, and explain that either
the hash or the original password will work...

Some users may even prefer to authenticate with the hash, since it
avoids sending their original password across the net.  (Anyway, I think
I'll work on this for my own sites, at least...)

Thanks,
-jeb

PS: I'm also working on fixing Patch #102426, which is unreliable even
with the necessary string.lower that John Reed noted.  It should call a
function to get the list directory path, but is the mlist object
available from maketext(?)
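Both schemes from this exchange side by side, as an added example that is not code from the thread or from Mailman: the "hash or plaintext both work" login check Jeb sketches, with a helper showing that the stored value then authenticates on its own, next to the mailed-token reset flow J C Lawrence describes. The address, passwords, class and function names are constructed, and PBKDF2 stands in for crypt/sha1.

```python
import hashlib
import hmac
import secrets
import time

def pw_hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for the crypt()/sha1 mentioned in the mail (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# --- Scheme 1: store sha1 of a user-chosen password, accept hash OR plaintext ---
def store_user_password(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()

def verify_hash_or_plain(stored_hex: str, supplied: str) -> bool:
    """Checks the hash of the supplied string first, then falls back to plaintext."""
    digest = hashlib.sha1(supplied.encode()).hexdigest()
    return (hmac.compare_digest(digest, stored_hex)
            or hmac.compare_digest(supplied.encode(), stored_hex.encode()))

def stored_value_is_credential(stored_hex: str) -> bool:
    """True: the stored hash alone logs in, so a leaked table is a leaked password."""
    return verify_hash_or_plain(stored_hex, stored_hex)

# --- Scheme 2: mail a one-time confirm token in a URL, then set a NEW password ---
class Accounts:  # constructed stand-in for a list's member database
    def __init__(self):
        self.users = {}   # address -> (salt, hash); nothing mailable is kept
        self.tokens = {}  # sha256(token) -> (address, expiry)

    def set_password(self, address: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[address] = (salt, pw_hash(password, salt))

    def check_password(self, address: str, password: str) -> bool:
        salt, h = self.users.get(address, (b"", b""))
        return bool(h) and hmac.compare_digest(pw_hash(password, salt), h)

    def request_reset(self, address: str, ttl: int = 3600) -> str:
        token = secrets.token_urlsafe(32)  # this goes into the emailed URL
        key = hashlib.sha256(token.encode()).digest()
        self.tokens[key] = (address, time.time() + ttl)
        return token

    def redeem(self, token: str, new_password: str) -> bool:
        key = hashlib.sha256(token.encode()).digest()
        entry = self.tokens.pop(key, None)  # single use, even on failure
        if entry is None or entry[1] < time.time():
            return False
        self.set_password(entry[0], new_password)
        return True
```

The server never holds a value it could mail back under scheme 2: only the hash of the token is stored, and redeeming it forces a fresh password rather than re-sending an old one.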