On Monday, November 25, 2002, at 12:48 AM, John W Baxter wrote:
I'm on so many Mailman lists that I can never remember which ones I've chosen passwords for and which I've let the software choose, so whenever I want to change any settings on a list I always mail myself the password.At 1:02 -0500 11/20/2002, Phil Barnett wrote:Sending passwords as plaintext in 2002 is downright negligent considering the
current state of sniffing, monitoring and penetration.
So...we stop calling them passwords.
I'd be happy with randomly generated one-time time-limited (hours? days?) tokens - perhaps somewhat longer Base64 or MD5 hashes - and have the software mail out a URL. I like the idea of sending a URL - users are frequently confused about what they should be doing with the password, if they can just click they'd be happier.
To continue supporting email commands, perhaps have a system of requesting a time-limited token by return email.
Bryan
(finally read the backlog of 800 messages I had on this list - yay!)
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
