[Mailman-Developers] Hashing member passwords in config.pck
Joel Ebel
jbebel at ncsu.edu
Thu Feb 10 16:44:37 CET 2005
I can't speak to whether the work is worth the benefit, but I'm
definitely in favor of the change. I've always questioned the benefit
of having recoverable passwords. I feel like a password should be a one
way thing. You put it in, and you can't get it back. If you forget it,
you have to reset it. I think password reminders are unnecessary, and I
don't really like having passwords in my email anyway. Perhaps a
reminder of how to access your membership settings and reset your
password would be a better option anyway.
Joel
Barry Warsaw wrote:
> I think CAN-2005-0202 gives us the opportunity to finally implement what
> we have long considered an embarrassing exposure in Mailman's config.pck
> databases. Member passwords are kept in this database in the clear.
> The obvious fix is to hash member passwords and keep only the hash in
> the database.
>
> We haven't changed this before now for two reasons:
>
> 1. We would have to regenerate all member passwords, which is an
> administrative burden. We might also need to implement checks to see if
> the passwords were cleartext or hashed and do the password comparison
> accordingly.
>
> 2. This breaks all password reminders.
>
> To fully address CAN-2005-0202 we're recommending sites regenerate their
> member passwords anyway, so this gives us an opening to fix this
> properly. And we have a better internal password generator now too.
>
> As for #2, well, I think most people hate those password reminders
> anyway, and we've decided that they are going away for MM3. I don't
> think many people would shed too many tears if we killed off monthly
> password reminders for 2.1.6. Doing that would also eliminate the
> requirement for the site list, since its primary purpose is to function
> as the sender of the reminder messages.
>
> To do this for 2.1.6, we'd have to change the "Email My Password To Me"
> feature in the options page and in the member login page. These would
> have to become a "create a new password for me" feature. Also,
> crontab.in should not call mailpasswds anymore, or that script should
> turn into a simple "here's the lists you are on" reminder, without the
> password information in it. This will require i18n updates too.
>
> The downside to doing this now is that it's more coding work for 2.1.6
> and I'd like to get the new version out asap. Still, this seems like an
> opportunity that we shouldn't lightly dismiss.
>
> What do you all think? Is anybody willing to take a crack at a patch
> for this?
>
> -Barry
>
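The check Barry describes in point 1 (tell cleartext entries apart from hashed ones and compare accordingly, so existing members are not locked out while the database is converted) can be done without a flag day. The following is an added illustration written for this thread, not Mailman's own code: the member table, the "pbkdf2$" prefix used to mark hashed entries, and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Hypothetical storage convention (not Mailman's): hashed entries carry a
# self-describing "pbkdf2$" prefix; anything else is a legacy cleartext entry.
HASH_PREFIX = "pbkdf2$"
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2$<iterations>$<salt-hex>$<digest-hex>' for a password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{HASH_PREFIX}{ITERATIONS}${salt.hex()}${digest.hex()}"


def is_hashed(stored: str) -> bool:
    """True if the stored entry is a hash rather than legacy cleartext."""
    return stored.startswith(HASH_PREFIX)


def check_password(stored: str, candidate: str) -> bool:
    """Compare a candidate against either a legacy cleartext entry or a hash."""
    if not is_hashed(stored):
        # Legacy cleartext entry: compare in constant time all the same.
        return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def authenticate(members: Dict[str, str], address: str, candidate: str) -> bool:
    """Check a login; on success against a cleartext entry, replace it with a hash.

    This is the lazy migration path: each member's entry is upgraded the first
    time they log in, and the cleartext copy disappears from the database.
    """
    stored = members.get(address)
    if stored is None or not check_password(stored, candidate):
        return False
    if not is_hashed(stored):
        members[address] = hash_password(candidate)
    return True


def hash_all_members(members: Dict[str, str]) -> int:
    """One-shot migration for entries that were never upgraded by a login.

    Hashes every remaining cleartext entry in place and returns how many were
    converted. Entries that are already hashed are left untouched.
    """
    converted = 0
    for address, stored in list(members.items()):
        if not is_hashed(stored):
            members[address] = hash_password(stored)
            converted += 1
    return converted


if __name__ == "__main__":
    # Constructed sample data: one legacy cleartext entry, one already hashed.
    sample = {"alice@example.invalid": "correct horse", "bob@example.invalid": hash_password("battery staple")}
    print("alice, wrong password:", authenticate(sample, "alice@example.invalid", "nope"))
    print("alice, right password:", authenticate(sample, "alice@example.invalid", "correct horse"))
    print("alice entry now hashed:", is_hashed(sample["alice@example.invalid"]))
    print("remaining cleartext entries converted:", hash_all_members(sample))
```

Once every entry is hashed, the cleartext branch in check_password can be removed, and with it the ability to mail anyone their password, which is exactly the reminder feature the thread proposes to drop.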