[Mailman3-dev] Flexible data storage

Barry Warsaw barry at python.org
Mon Mar 15 16:42:18 EST 2004

On Mon, 2004-03-15 at 16:31, Erez Zadok wrote:

> BTW, it'd be nice if the subscriber list and their passwords will also be
> encrypted on disk somehow.  I fear the day when hackers manage to break into
> mailing list systems just to steal a huge subscriber list.

That would probably be the role of the backend storage, but it does have
implications for the API and the functionality.  For example, if the
backend is allowed to encrypt passwords, it may be impossible to do
password recovery.  Password resets may be the only option.  We need a
flexible interface to be able to express those options.

(Aside: Mailman 3 will have no monthly password reminders.  I don't know
if y'all hate those as much as I do, but we should look forward to the
day where we don't have to celebrate our monthly curse: Mailman Day. :)

> And, while I'm on the subject of extensibility, how about a hook to force
> passwords to expire and have to be changed; and another hook for enforcing
> password quality (min/max length, mix of alpha, numbers, upper/lower case,
> special chars, etc.).

It's something we should definitely keep in mind, as an extension
probably.  This is where a defined data model will be useful since such
hooks can be written against the backend data perhaps.


More information about the Mailman3-Dev mailing list