[Lab] Plain text password

Jean-Marc LeBlanc jeanmarc.leblanc at gmail.com
Thu Nov 5 13:53:51 EST 2015


If there no history, I don't mind just chaining the password. but it might
be worth mentioning.  Maybe indicate when you sign up not to reuse a
password and have it entirely unique to this site.


Jean-Marc Le Blanc
---

On Wed, Nov 4, 2015 at 10:28 AM, Peter Sjoberg <lpaseen at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 11/01/2015 10:31 AM, Jean-Marc LeBlanc wrote:
> > I just noticed that the database for the modlab mailing list keeps
> > passwords in plain text rather than a salted hash.
> When you signed up you should have seen something like
> "You may enter a privacy password below. This provides only mild
> security, but should prevent others from messing with your subscription.
> Do not use a valuable password as it will occasionally be emailed back
> to you in cleartext."
> (at least if you used http://artengine.ca/mailman/listinfo/lab)
>
> note the "may", if no password is entered a random one is created and
> that's normally what I do.
>
> It's an old discussion about it at
>   https://www.mail-archive.com/mailman-users@python.org/msg60018.html
> - From one of those posts:
> "The best I can tell, your expectations for Mailman's security and the
> software authors' expectations are completely different. As has already
> been explained, it is a low level of security designed to prevent (maybe
> I should just say discourage) mischief. It is not intended to be as
> secure as what secures your bank accounts. If your Mailman password is
> compromised, what is the most damage that can be done? Very little."
>
> >
> > Does it keep a history of passwords?
> since you can put same psw as new psw I can't see it having history
> anywhere.
>
> > Could I have all my passwords
> > scrubed from the data base?
> quick check on my own mailman list I see the psw in
> /var/lib/mailman/lists/[listnam]/config.pck and it seems like best way
> to go is to change your password to some random string.
>
> /ps
>
>
> >
> >
> >
> > _______________________________________________
> > Lab mailing list
> > 1. subscribe http://artengine.ca/mailman/listinfo/lab
> > 2. then email Lab at artengine.ca to send your message to the list
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIVAwUBVjokGyRVDohC3d3dAQoMwRAAhsJu+WXTAlINzrOxajDdh5jV+SFvv1gi
> SDcxeiGQEumRj2qcsg5beu8YyoaPxIjwk7kbxMypEbxw82fYlo/IFe5D7au4mI/a
> uOUpCzqCYT2KnSdepzDkb2wZDuTLFvSfCgLJ0vyvW6j8xHx9lMXSoHp/Et6AQ3uH
> /KdnNDbBsKNv30YtFArMwVYnZ6JdJ6z4mXoP1X7aEN4q2ELgPVKKZmQ9UJZNkY32
> MkKksA0bSp+sVgGWW6gNqMa+I6lzr+eIClRQTeRm7T7oQ80uJyQM52Btwzhf68RQ
> A7LQijOi0pJUjEhy/3QAD3N9SwX0afBLuTDQaGJuBvzuuvsBPM3+u8gp4L6CrueJ
> Jx45dK44u2z/IsmMqifmR5eBFyNjIxlz/B9XRVXIMo1BlUrIYV2UoJ56qLIRUZQ9
> 7fOOfZkdOZ2GLOkwVsDErKuUDXgBwFBxOrcLc6LbgahlGb8ht/nrilHzS50Pvyay
> n0gXz9t0oCnJLcDIzydIRvj1gEqRzYv9NPRKy4rxGKDZgwWjtAR4apDmMn/66NS6
> eE/7Bdd9QeCmTaZqybFHp76vs4AyCJBaGoGS4AeF3qPmr/+brCxOsXLl7C6P0mwG
> jxtZX8gZhsjnQsN5SqPW5WzWkN23oQd7RJk3vafam2PWr4EPkzpH+DjtdyRXIbwO
> NC4od03mVIg=
> =JyGq
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Lab mailing list
> 1. subscribe http://artengine.ca/mailman/listinfo/lab
> 2. then email Lab at artengine.ca to send your message to the list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://artengine.ca/pipermail/lab/attachments/20151105/92ae5765/attachment.html>


More information about the Lab mailing list