I just received my hogranch.com mailing list memberships reminder (sent
monthly) for prime and was dismayed to be reminded of my password in clear.
This is an extremely bad practice, as it means that all the passwords are
stored on the hogranch.com server in clear.

It's a Mailman password, it's ONLY used for accessing your Mailman subscription options. Not exactly something hackers can make much mischief from...


As any system administrator (I am not one) should know, the password should
be encoded at the client's end and then should be sent to the server that way.
If someone forgets their password, they should be mailed a temporary one
which they should have to change immediately.

I don't feel up for rewriting Mailman. http://list.org/, it's all open source, have at it, I'm sure they'll appreciate the effort.


btw, I hope you never use FTP or TELNET or POP3... those protocols all send passwords in plaintext too, and those passwords are more likely to be something important.

The net is a dangerous place and this should be corrected as soon as
possible. At a minimum, stop sending out the monthly reminders starting
immediately.

You may disable the reminders, and change your password on the Subscriber options page via http://hogranch.com/mailman/options/prime ... note they suggest you do NOT use an 'important' password as it's not a high security system, it's just a mail list.


_______________________________________________
Prime mailing list
[EMAIL PROTECTED]
http://hogranch.com/mailman/listinfo/prime
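
Added example, not part of the original thread and not Mailman's code: a Python illustration of the alternative raised in the first poster's message, where the server keeps only a salted hash and a forgotten password is replaced by a mailed temporary one that must be changed at first login. It uses server-side PBKDF2 hashing rather than client-side encoding; `SubscriberStore`, its methods, the iteration count and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


class SubscriberStore:
    """Hypothetical subscriber table: holds salt + hash, never the password."""

    def __init__(self):
        self._rows = {}  # address -> {"salt", "hash", "must_change"}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, address, password, must_change=False):
        salt = secrets.token_bytes(16)  # fresh random salt per password
        self._rows[address] = {"salt": salt, "hash": self._derive(password, salt),
                               "must_change": must_change}

    def login(self, address, password):
        """Return 'denied', 'change-required' or 'ok'."""
        row = self._rows.get(address)
        if row is None:
            return "denied"
        candidate = self._derive(password, row["salt"])
        if not hmac.compare_digest(row["hash"], candidate):  # constant-time compare
            return "denied"
        return "change-required" if row["must_change"] else "ok"

    def forgot_password(self, address):
        """Replace the password with a random temporary one to be mailed out."""
        if address not in self._rows:
            return None
        temp = secrets.token_urlsafe(12)
        self.set_password(address, temp, must_change=True)
        return temp

    def monthly_reminder(self, address):
        """Reminder body: the store has no recoverable password to include."""
        return (f"You are subscribed as {address}. "
                "Use the options page if you have forgotten your password.")

    def stored_bytes(self, address):
        """Everything the server holds about this subscriber's password."""
        row = self._rows[address]
        return row["salt"] + row["hash"]
```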
