Firewall Wizards mailing list archives
RE: Sourceforge sending out passwords in the clear (forwarded message from Barry A. Warsaw)
From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 5 Aug 2002 10:19:36 -0400 (EDT)
On Mon, 5 Aug 2002, Barry A. Warsaw wrote:
> Perhaps. It's an interesting idea. Just remember that every extra step that people need to take to do whatever it is they want to do increases your administrative costs. So again, it's a trade-off, but perhaps a useful one. It would be doable in MM2.1.
I'd take the hit- if I can change it, having a more secure default (as Anton was requesting) makes more sense to me. Most of my experiences have been with people who just can't find the unsubscribe stuff on the listinfo page- so far people have been pretty happy to go back and actually do it themselves (I won't manually unsub someone who's not e-mailing from the account they want unsub'd- and it seems that most of them were getting .forwarded so they could get their password and unsubscribe, they just didn't find the link.)
> You're right, I forgot to mention that. newlist (and the MM2.1 web equivalent) can send out the plaintext list admin password because it has it right there -- it's the only place that has access to that password before it's scrambled and stored since the list is being created right there. But there is never a `reminder' of the list admin password.
Right, it'd probably be good to have a warning there (we're all security geeks on firewall-wizards, so we tend to worry about these things to the point of obsession ;).) Adding a warning would be good, having someone hit something other than <enter> might be more onerous and counter to the way people usually use the software.
> In a sense, /some/ entity has to inform the list owner of the initial password because the person creating the list is often not the person who will be admin'ing the list. If you want to use alternative channels, simply use "bin/newlist -q" or (in MM2.1) turn off the "notify the list owner now" button in the web form.
I use it quite a bit, but only when I have some level of assurance that the mail is going to a mail path that I have some reasonable level of trust in. Personally, I'd prefer a one-time list owner authentication that forced them to change it- so that a compromise didn't have longer ramifications </feature request>.
> > come from folks who want to unsubscribe. The next version will use
> > mailback confirmations for unsubscription requests, so most users will
> > likely never even need their passwords.
>
> PDR> Add the ability to easily add an unsubscribe link to the top
> PDR> of the list page, and you'll have me owing you beers.
>
> Do you mean the listinfo page? More than what's there? The problem
Yep, and really I mean a specific "enter your e-mail address" link like the last entry box, but at the very top of the page (I understand how the page is organized, but a single line or two for the most missed/used feature would be a good thing to have by default IMO.)
> here of course is that members don't just forget their passwords, they also forget what address they're subscribed with. ;) So an individual unsub link on a generic web page is problematic.
Actually, if the default interface just had a link to the bottom section "Click here to unsubscribe or change your subscription options-" it'd be a good thing- I used to add that manually, but it got to be a pain to maintain.
> Note though that MM2.1 will support various forms of personalization of list postings. While it increases the load on your system and network, it may be appropriate for some lists and sites. Then, each member can be given a footer containing the url to their personal login page, which has a big unsub button on it.
It'll be interesting to see the difference in delivery time, that's probably worthwhile for most installations.
> PDR> Getting back to my original discussion with Anton- would you
> PDR> accept patches in this area if someone wanted to have Mailman
> PDR> "do the right thing" out of the box with passwords, or is it
> PDR> pretty much "should be this high to admin Mailman?"
>
> DEFAULT_SEND_REMINDERS = 0 in your mm_cfg.py file.
Actually, I was thinking more of a click/send/reply interface (or maybe a challenge/response thing), however it sounds like mostly that'll be in 2.1 anyway. Also a "force owner to change their password" thing would be a good addition- I just want to know if it's worth me spending time in a Python book ;) Also, I think Anton's concern about defaults for the greater good plays in, changing my config doesn't address that. However, maybe just a "Mailman Security FAQ" would be a good middle step?

Thanks again,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment
                                      TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
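The thread's point is that mailback confirmations let members unsubscribe without a password ever being mailed to them. As an added illustration (not Mailman's code, and not from either poster), here is a constructed single-use, expiring confirmation-token store of the kind such a flow needs; the three-day lifetime and the check that the confirming reply comes from the subscribed address are assumptions for the example.

```python
import secrets
import time

# Constructed example of a mailback-confirmation store for unsubscribe
# requests. Assumption: a token is valid for three days and only the
# subscribed address may confirm it. No member password is involved.
TOKEN_TTL = 3 * 24 * 3600


class UnsubConfirmations:
    def __init__(self, now=time.time):
        self._now = now              # injectable clock, useful for testing
        self._pending = {}           # token -> (subscribed address, issued_at)

    def request(self, address: str) -> str:
        """Issue an unguessable single-use token; it goes in the mailback."""
        token = secrets.token_urlsafe(24)
        self._pending[token] = (address.lower(), self._now())
        return token

    def confirm(self, token: str, from_address: str) -> bool:
        """Complete the unsubscribe only for a fresh, unused token presented
        by the subscribed address. Tokens are consumed on success or expiry."""
        entry = self._pending.get(token)
        if entry is None:
            return False
        address, issued = entry
        if self._now() - issued > TOKEN_TTL:
            del self._pending[token]  # expired: drop it so it cannot be retried
            return False
        # constant-time compare avoids leaking how much of the address matched
        if not secrets.compare_digest(address, from_address.lower()):
            return False
        del self._pending[token]      # single use
        return True

    def pending_count(self) -> int:
        return len(self._pending)
```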