[Mailman-Developers] Hashing member passwords in config.pck

Bob Puff bob at nleaudio.com
Sat Feb 12 08:07:29 CET 2005


I'm in agreement with Barry, that I don't think we should phase out passwords
for 2.1.x.  I know several of my users who sign up to the lists using their
corporate mailbox, yet log in from home and view archives (they remember their
password).  I'd have people screaming bloody murder if the archives were
required to have email confirmation for each read.

I'm sorry, but I just don't see other viable solutions except for passwords
for this function.  Every other "members-only" area on the internet today is
authenticated by passwords, and they can be saved in the browsers for easy access.

I don't see a problem limiting the passwords to private archives though.  Yes,
email authentication is perfect for subscription changes.

So let me ask this: if we drop passwords for everything but the private
archives, do we really need to do anything differently than the format
currently in place?  Do they really need to be one-way encrypted?  Being able
to email a forgotten password has its benefits.

For sites that don't use private archives, passwords would be a non-issue.

Bob

