[Mailman-Developers] config.pck password encryptioninconsistencies

Barry Warsaw barry at python.org
Thu Dec 9 15:02:47 CET 2004

On Wed, 2004-12-08 at 20:58, Mark Sapiro wrote:

> I looked through the code somewhat, particularly the code that produces
> password reminders, and I can't see anywhere where there is any
> encryption/decryption of passwords going on.

Correct.  Mailman does not encrypt or hash member passwords, and they
are stored in the clear in the config.pck file (this is actually not
good, but it's the way it is).  Owner and moderator passwords are
generally hashed, typically these days with sha1.  I have no idea where
your passwords are getting changed.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041209/297345f9/attachment.pgp

More information about the Mailman-Developers mailing list