Firewall Wizards mailing list archives
RE: Sourceforge sending out passwords in the clear (forwarded message from Barry A. Warsaw)
From: barry () python org (Barry A. Warsaw)
Date: Mon, 5 Aug 2002 09:57:15 -0400
"PDR" == Paul D Robertson <proberts () patriot net> writes:
PDR> If the Web or mail command allows a password fetch, wouldn't
PDR> a link to the password fetching page be better than sending
PDR> the actual password?

Perhaps. It's an interesting idea. Just remember that every extra step that people need to take to do whatever it is they want to do increases your administrative costs. So again, it's a trade-off, but perhaps a useful one. It would be doable in MM2.1.

PDR> Is the decision already set, or can we grumble about it
PDR> somewhere easy (like the Wiki at Zope.org perhaps?)

mailman-developers () python org is the best forum.

PDR> By default, "newlist" mails the list admin their list's
PDR> password in every version of mailman I've run- and I just
PDR> installed the latest version on a test box to confirm it,
PDR> here's a snippet of the output:

You're right, I forgot to mention that. newlist (and the MM2.1 web equivalent) can send out the plaintext list admin password because it has it right there -- it's the only place that has access to that password before it's scrambled and stored since the list is being created right there. But there is never a `reminder' of the list admin password.

In a sense, /some/ entity has to inform the list owner of the initial password because the person creating the list is often not the person who will be admin'ing the list. If you want to use alternative channels, simply use "bin/newlist -q" or (in MM2.1) turn off the "notify the list owner now" button in the web form.

> come from folks who want to unsubscribe. The next version will use
> mailback confirmations for unsubscription requests, so most users will
> likely never even need their passwords.

PDR> Add the ability to easily add an unsubscribe link to the top
PDR> of the list page, and you'll have me owing you beers.

Do you mean the listinfo page? More than what's there? The problem here of course is that members don't just forget their passwords, they also forget what address they're subscribed with. ;) So an individual unsub link on a generic web page is problematic.

Note though that MM2.1 will support various forms of personalization of list postings. While it increases the load on your system and network, it may be appropriate for some lists and sites. Then, each member can be given a footer containing the url to their personal login page, which has a big unsub button on it.

PDR> Getting back to my original discussion with Anton- would you
PDR> accept patches in this area if someone wanted to have Mailman
PDR> "do the right thing" out of the box with passwords, or is it
PDR> pretty much "should be this high to admin Mailman?"

DEFAULT_SEND_REMINDERS = 0 in your mm_cfg.py file.

PDR> Thanks for your response,

No problem.

-Barry

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
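
The "link instead of the actual password" idea raised in the message above, sketched as an added example; it is not Mailman code and not from anyone in the thread. `ResetTokens`, `BASE_URL` and `TOKEN_TTL` are hypothetical names, and the in-memory dict stands in for whatever store a real list server would use.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # seconds a mailed link stays valid (assumed policy)
BASE_URL = "https://lists.example.org/reset"  # placeholder URL


class ResetTokens:
    """Issue and redeem single-use, expiring password-fetch tokens.

    Only a SHA-256 digest of each token is stored, so a leaked table does
    not yield usable links, and no password is ever placed in mail.
    """

    def __init__(self):
        self._pending = {}  # token digest -> (address, expiry time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, address, now=None):
        """Return the URL to mail to `address` in place of a password."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (address.lower(), now + TOKEN_TTL)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token, now=None):
        """Return the address the token was issued for, or None.

        The entry is removed on first lookup, so a link copied from an
        intercepted mail cannot be replayed once the owner has used it,
        and an expired link is consumed rather than left pending.
        """
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        address, expiry = entry
        return address if now <= expiry else None
```

Unlike a monthly plaintext reminder, the mailed value here is useless after one use or one hour, which bounds what a copy sitting in a mailbox or mail log is worth.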