[Mailman-Developers] Re: [Mailman-Announce] RELEASED Mailman 2.1
Mon Nov 25 14:42:28 2002
On Monday, November 25, 2002, at 12:48 AM, John W Baxter wrote:
> At 1:02 -0500 11/20/2002, Phil Barnett wrote:
>> Sending passwords as plaintext in 2002 is downright negligent
>> considering the
>> current state of sniffing, monitoring and penetration.
> So...we stop calling them passwords.
I'm on so many Mailman lists that I can never remember which ones I've
chosen passwords for and which I've let the software choose, so
whenever I want to change any settings on a list I always mail myself
I'd be happy with randomly generated one-time time-limited (hours?
days?) tokens - perhaps somewhat longer Base64 or MD5 hashes - and have
the software mail out a URL. I like the idea of sending a URL - users
are frequently confused about what they should be doing with the
password, if they can just click they'd be happier.
To continue supporting email commands, perhaps have a system of
requesting a time-limited token by return email.
(finally read the backlog of 800 messages I had on this list - yay!)
More information about the Mailman-Developers