[Moin-user] email lost password sends password in encrypted form

Eamon Nerbonne eamon at nerbonne.org
Thu Feb 1 19:23:36 EST 2007 

This may just be me, but why is moinmoin even generating {SHA}...
passwords?  Why not just reset it to a random alphanumeric string of 10
characters?  Absurdly long passwords aren't helpful... right?

--Eamon

On 2/1/07, Ted Stern <dodecatheon at gmail.com> wrote:
>
> On 01 Feb 2007 03:54:17 -0800, Thomas Waldmann wrote:
> >
> >>
> http://moinmoin.wikiwikiweb.de/MoinMoinBugs/ResetPasswordEmailImproperlyEncoded
> >>
> >> that seems to describe my problem.  I did a check to see whether the
> >> encoded form of my password would have a trailing '=' sign, and it
> >> does.  When the encoded version is emailed to me, I do not see the '='
> >> sign.
> >
> > As you see at the bottom of the bug page, the issue was fixed (worked
> > around) by multiple patches, so using a recent moin release should help.
> >
> > The main problem with that stuff was that some python standard lib's
> > email function are buggy and behave differently, so we had to add some
> > magic dynamically doing the right thing.
>
> I do have MoinMoin 1.5.4.
>
> In my distribution, the relevant lines in MoinMoin/user/mail.py show
> the fix:
>
> ,----
> |     # work around a bug in python 2.4.3 and above:
> |     msg.set_payload('=')
> |     if msg.as_string().endswith('='):
> |         text = charset.body_encode(text)
> |
> |     msg.set_payload(text)
> |
> `----
>
> And yet the trailing '=' is still swallowed.
>
> The problem might be that the web host is still running python 2.2.3.
>
> Ted
>
> >
> >
> >
> -------------------------------------------------------------------------
> > Using Tomcat but need to do more? Need to support web services,
> security?
> > Get stuff done quickly with pre-integrated technology to make your job
> easier.
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>
> --
> dodecatheon at gmail dot com
> Frango ut patefaciam -- I break so that I may reveal
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier.
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Moin-user mailing list
> Moin-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/moin-user
>



-- 
eamon at nerbonne.org - 06-15142163
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20070202/3cfae5d1/attachment.html>

More information about the Moin-user mailing list