Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-15 Thread Jeffrey Goldberg
On Jun 3, 2009, at 4:33 PM, Kirke Johnson wrote: What is bothering me is list owners who want to use their initials or the list name as list owner passwords. I feel like kind of a sitting duck when we can't see the passwords they have chosen and have no way to enforce decent choices. This

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-03 Thread Stephen J. Turnbull
Mark Sapiro writes:
> Thank you Stephen. Your API is clearly better than mine. I appreciate
> the help.
No problem! I will try to get back in touch with the code base; maybe I can actually contribute a patch -- Mailman-Users mailing li

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-03 Thread Mark Sapiro
Stephen J. Turnbull wrote: > >It occurs to me that this API is going to make it hard to provide help >to users. Maybe CheckPassword's API should be to raise an >InvalidPasswordError with an appropriate reason, or alternatively to >return a false value if nothing is wrong with the password, otherwi

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-03 Thread Mark Sapiro
Grant Taylor wrote: >On 6/3/2009 4:33 PM, Kirke Johnson wrote: >> What is bothering me is list owners who want to use their initials or >> the list name as list owner passwords. I feel like kind of a sitting >> duck when we can't see the passwords they have chosen and have no way to >> enforce

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-03 Thread Grant Taylor
On 6/3/2009 4:33 PM, Kirke Johnson wrote: What is bothering me is list owners who want to use their initials or the list name as list owner passwords. I feel like kind of a sitting duck when we can't see the passwords they have chosen and have no way to enforce decent choices. It should be a

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-03 Thread Kirke Johnson
We took care of the clear text transmissions, I believe. One of the first things we did with Mailman was to make sure all web activity uses https. Similarly, we use SSL for email server authentication and mail transfer security. What is bothering me is list owners who want to use their initial

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-02 Thread Stephen J. Turnbull
Mark Sapiro writes: > Adding a hook to a user supplied password checker could be done in 2.2. > I'll take a look at this idea. How about a default checker that just > checks for minimum length defined in Defaults.py/mm_cfg.py, but > overridable by the site. or maybe an mm_cfg.CheckPassword() f

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-02 Thread Mark Sapiro
Stephen J. Turnbull wrote:
>
>I think the passwords are also stored in
>clear on the server (those of the list members are, since they appear
>in monthly reminders) but I could be wrong about that.
In Mailman 2.x, user passwords are stored in the clear, but list admin and moderator and site passw

Re: [Mailman-Users] Can I enforce secure admin passwords?

2009-06-02 Thread Mark Sapiro
Kirke Johnson wrote: >I am concerned that list owners can put insecure admin passwords on >their lists. My testing suggests that short passwords are accepted as >well as alpha-only. The only control I have found is the length of >admin passwords generated by Mailman. I have not located anything

[Mailman-Users] Can I enforce secure admin passwords?

2009-06-02 Thread Stephen J. Turnbull
Kirke Johnson writes: > I am concerned that list owners can put insecure admin passwords on > their lists. My testing suggests that short passwords are accepted as > well as alpha-only. The only control I have found is the length of > admin passwords generated by Mailman. I have not located

[Mailman-Users] Can I enforce secure admin passwords?

2009-06-02 Thread Kirke Johnson
I am concerned that list owners can put insecure admin passwords on their lists. My testing suggests that short passwords are accepted as well as alpha-only. The only control I have found is the length of admin passwords generated by Mailman. I have not located anything else that would enforce