[Lab] Plain text password
jeanmarc.leblanc at gmail.com
Thu Nov 5 13:53:51 EST 2015
If there no history, I don't mind just chaining the password. but it might
be worth mentioning. Maybe indicate when you sign up not to reuse a
password and have it entirely unique to this site.
Jean-Marc Le Blanc
On Wed, Nov 4, 2015 at 10:28 AM, Peter Sjoberg <lpaseen at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> On 11/01/2015 10:31 AM, Jean-Marc LeBlanc wrote:
> > I just noticed that the database for the modlab mailing list keeps
> > passwords in plain text rather than a salted hash.
> When you signed up you should have seen something like
> "You may enter a privacy password below. This provides only mild
> security, but should prevent others from messing with your subscription.
> Do not use a valuable password as it will occasionally be emailed back
> to you in cleartext."
> (at least if you used http://artengine.ca/mailman/listinfo/lab)
> note the "may", if no password is entered a random one is created and
> that's normally what I do.
> It's an old discussion about it at
> - From one of those posts:
> "The best I can tell, your expectations for Mailman's security and the
> software authors' expectations are completely different. As has already
> been explained, it is a low level of security designed to prevent (maybe
> I should just say discourage) mischief. It is not intended to be as
> secure as what secures your bank accounts. If your Mailman password is
> compromised, what is the most damage that can be done? Very little."
> > Does it keep a history of passwords?
> since you can put same psw as new psw I can't see it having history
> > Could I have all my passwords
> > scrubed from the data base?
> quick check on my own mailman list I see the psw in
> /var/lib/mailman/lists/[listnam]/config.pck and it seems like best way
> to go is to change your password to some random string.
> > _______________________________________________
> > Lab mailing list
> > 1. subscribe http://artengine.ca/mailman/listinfo/lab
> > 2. then email Lab at artengine.ca to send your message to the list
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> Lab mailing list
> 1. subscribe http://artengine.ca/mailman/listinfo/lab
> 2. then email Lab at artengine.ca to send your message to the list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Lab