<div dir="ltr">If there no history, I don't mind just chaining the password. but it might be worth mentioning. Maybe indicate when you sign up not to reuse a password and have it entirely unique to this site.<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><br>Jean-Marc Le Blanc<br>---<br></div></div>
<br><div class="gmail_quote">On Wed, Nov 4, 2015 at 10:28 AM, Peter Sjoberg <span dir="ltr"><<a href="mailto:lpaseen@gmail.com" target="_blank">lpaseen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<span class=""><br>
On 11/01/2015 10:31 AM, Jean-Marc LeBlanc wrote:<br>
> I just noticed that the database for the modlab mailing list keeps<br>
> passwords in plain text rather than a salted hash.<br>
</span>When you signed up you should have seen something like<br>
"You may enter a privacy password below. This provides only mild<br>
security, but should prevent others from messing with your subscription.<br>
Do not use a valuable password as it will occasionally be emailed back<br>
to you in cleartext."<br>
(at least if you used <a href="http://artengine.ca/mailman/listinfo/lab" rel="noreferrer" target="_blank">http://artengine.ca/mailman/listinfo/lab</a>)<br>
<br>
note the "may", if no password is entered a random one is created and<br>
that's normally what I do.<br>
<br>
It's an old discussion about it at<br>
<a href="https://www.mail-archive.com/mailman-users@python.org/msg60018.html" rel="noreferrer" target="_blank">https://www.mail-archive.com/mailman-users@python.org/msg60018.html</a><br>
- From one of those posts:<br>
"The best I can tell, your expectations for Mailman's security and the<br>
software authors' expectations are completely different. As has already<br>
been explained, it is a low level of security designed to prevent (maybe<br>
I should just say discourage) mischief. It is not intended to be as<br>
secure as what secures your bank accounts. If your Mailman password is<br>
compromised, what is the most damage that can be done? Very little."<br>
<span class=""><br>
><br>
> Does it keep a history of passwords?<br>
</span>since you can put same psw as new psw I can't see it having history<br>
anywhere.<br>
<span class=""><br>
> Could I have all my passwords<br>
> scrubed from the data base?<br>
</span>quick check on my own mailman list I see the psw in<br>
/var/lib/mailman/lists/[listnam]/config.pck and it seems like best way<br>
to go is to change your password to some random string.<br>
<br>
/ps<br>
<span class=""><br>
<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Lab mailing list<br>
> 1. subscribe <a href="http://artengine.ca/mailman/listinfo/lab" rel="noreferrer" target="_blank">http://artengine.ca/mailman/listinfo/lab</a><br>
> 2. then email <a href="mailto:Lab@artengine.ca">Lab@artengine.ca</a> to send your message to the list<br>
><br>
</span>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" rel="noreferrer" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQIVAwUBVjokGyRVDohC3d3dAQoMwRAAhsJu+WXTAlINzrOxajDdh5jV+SFvv1gi<br>
SDcxeiGQEumRj2qcsg5beu8YyoaPxIjwk7kbxMypEbxw82fYlo/IFe5D7au4mI/a<br>
uOUpCzqCYT2KnSdepzDkb2wZDuTLFvSfCgLJ0vyvW6j8xHx9lMXSoHp/Et6AQ3uH<br>
/KdnNDbBsKNv30YtFArMwVYnZ6JdJ6z4mXoP1X7aEN4q2ELgPVKKZmQ9UJZNkY32<br>
MkKksA0bSp+sVgGWW6gNqMa+I6lzr+eIClRQTeRm7T7oQ80uJyQM52Btwzhf68RQ<br>
A7LQijOi0pJUjEhy/3QAD3N9SwX0afBLuTDQaGJuBvzuuvsBPM3+u8gp4L6CrueJ<br>
Jx45dK44u2z/IsmMqifmR5eBFyNjIxlz/B9XRVXIMo1BlUrIYV2UoJ56qLIRUZQ9<br>
7fOOfZkdOZ2GLOkwVsDErKuUDXgBwFBxOrcLc6LbgahlGb8ht/nrilHzS50Pvyay<br>
n0gXz9t0oCnJLcDIzydIRvj1gEqRzYv9NPRKy4rxGKDZgwWjtAR4apDmMn/66NS6<br>
eE/7Bdd9QeCmTaZqybFHp76vs4AyCJBaGoGS4AeF3qPmr/+brCxOsXLl7C6P0mwG<br>
jxtZX8gZhsjnQsN5SqPW5WzWkN23oQd7RJk3vafam2PWr4EPkzpH+DjtdyRXIbwO<br>
NC4od03mVIg=<br>
=JyGq<br>
-----END PGP SIGNATURE-----<br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Lab mailing list<br>
1. subscribe <a href="http://artengine.ca/mailman/listinfo/lab" rel="noreferrer" target="_blank">http://artengine.ca/mailman/listinfo/lab</a><br>
2. then email <a href="mailto:Lab@artengine.ca">Lab@artengine.ca</a> to send your message to the list<br>
</div></div></blockquote></div><br></div>