[Mailman-Developers] Do we need the password in the HTML of the confirm page?
Marc MERLIN
marc_news@vasoftware.com
Mon, 4 Mar 2002 01:19:25 -0800
When I went to:
http://gandalf-lists.merlins.org/lists/confirm/test2/372ff4ab4ca390f3c3bfabd47cd78e92489a0b5d
(don't bother trying, it's localhost on my laptop :-D)
I get an HTML page to confirm my subscription.
I haven't looked at the code in details, but does mailman need to put
the list password in cleartext in the HTML?
(if the answer is "yes", then never mind)
It's not the end of the world, but if someone puts my Email by mistake (one
letter typo or something in a company), I can get his mailman password, and
with a little luck that password could work in other places too (not that
the person is supposed to use the same password, but...)
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key