[Mailman-Developers] REST API returning value of password field in user record

Andrew Stuart andrew.stuart at supercoders.com.au
Sat Jan 10 00:58:28 CET 2015

I’m aware that it’s not the actual cleartext password.

From a security perspective, should even salted and hashed passwords stay behind the API, or might there be a need for something on the other side of the API to access that field?
