[Mailman-Developers] Hashing member passwords in config.pck

Tobias Eigen tobias at kabissa.org
Thu Feb 10 17:36:10 CET 2005


Ah - I had forgotten the ~mailman/bin/withlist script. Sorry, folks,  
still just getting back into Mailman. If it works as advertised, then I  
also vote for the changes Barry is recommending. It makes Mailman  
completely compatible with the type of CMS integration I'm describing.  
Joel's point about passwords being one-way "You put it in, and you  
can't get it back" is perfectly true.

Cheers,

Tobias

On Feb 10, 2005, at 11:17 AM, Tobias Eigen wrote:

> Hi Barry,
>
> While you're on this subject, I was intrigued by the password  
> resetting script but was disappointed that there is no way to actually  
> configure the password on the command-line. I was thinking this would  
> enable integration of Mailman subscriptions into an existing user  
> database (i.e. via a nightly cron). If you use a commonly used  
> encryption, then doing this on the command line shouldn't pose any  
> security issues. On Kabissa this would be a key aspect to making  
> Mailman continue to work as our list manager of choice for e-mail  
> newsletters and discussions in our CMS of choice, Mambo Open Source.
>
> Then again, if you're thinking of rewriting how passwords are kept,  
> perhaps it might be useful to think about using a different type of  
> container anyway, one that works with other, more sophisticated user  
> management systems like those that come with CMSs. I.e. LDAP or simply  
> mysql.
>
> And this, plus the CAN prefix to the patch name, reminds me: correct  
> me if I'm wrong, but my understanding is that Mailman as it exists  
> does not comply with the new (unfortunately named) CAN SPAM act.  
> According to this act, a recipient of an email from a given site has  
> to be able to opt out from receiving ANY MAIL from that site. Right  
> now all mailman lists are treated completely separately, and nobody  
> (not even the subscriber) can easily find out which lists subscribers  
> are subscribed to. What I envision having in my Mailman/Mambo system  
> is a single user database with one password per username for all  
> services. Users can then go to a simple preferences page on Mambo and  
> do basic things like change their email address or password, tick a  
> box to opt in/out of various mailings, and in particular opt to  
> receive no mail at all. Other Mambo components would handle reading  
> forums and newsletters online and enable users to  
> subscribe/unsubscribe to them.
>
> If anybody's got any suggestions on how to achieve this or is  
> interested in working with us to develop this functionality, let me  
> know.
>
> Cheers,
>
> Tobias
>
> On Feb 10, 2005, at 10:02 AM, Barry Warsaw wrote:
>
>> I think CAN-2005-0202 gives us the opportunity to finally implement what
>> we have long considered an embarrassing exposure in Mailman's config.pck
>> databases.  Member passwords are kept in this database in the clear.
>> The obvious fix is to hash member passwords and keep only the hash in
>> the database.
>>
>> We haven't changed this before now for two reasons:
>>
>> 1. We would have to regenerate all member passwords, which is an
>> administrative burden.  We might also need to implement checks to see if
>> the passwords were cleartext or hashed and do the password comparison
>> accordingly.
>>
>> 2. This breaks all password reminders.
>>
>> To fully address CAN-2005-0202 we're recommending sites regenerate their
>> member passwords anyway, so this gives us an opening to fix this
>> properly.  And we have a better internal password generator now too.
>>
>> As for #2, well, I think most people hate those password reminders
>> anyway, and we've decided that they are going away for MM3.  I don't
>> think many people would shed too many tears if we killed off monthly
>> password reminders for 2.1.6.  Doing that would also eliminate the
>> requirement for the site list, since its primary purpose is to function
>> as the sender of the reminder messages.
>>
>> To do this for 2.1.6, we'd have to change the "Email My Password To Me"
>> feature in the options page and in the member login page.  These would
>> have to become a "create a new password for me" feature.  Also,
>> crontab.in should not call mailpasswds anymore, or that script should
>> turn into a simple "here's the lists you are on" reminder, without the
>> password information in it.  This will require i18n updates too.
>>
>> The downside to doing this now is that it's more coding work for 2.1.6
>> and I'd like to get the new version out asap.  Still, this seems like an
>> opportunity that we shouldn't lightly dismiss.
>>
>> What do you all think?  Is anybody willing to take a crack at a patch
>> for this?
>>
>> -Barry
>>
>> _______________________________________________
>> Mailman-Developers mailing list
>> Mailman-Developers at python.org
>> http://mail.python.org/mailman/listinfo/mailman-developers
>> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
>> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
>> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/tobias%40kabissa.org
> --
> Tobias Eigen
> Executive Director
>
> Kabissa - Space for Change in Africa
> http://www.kabissa.org
>
> * Kabissa's vision is for a socially, economically, politically, and  
> environmentally vibrant Africa, supported by a strong network of  
> effective civil society organizations. *
>
>
--
Tobias Eigen
Executive Director

Kabissa - Space for Change in Africa
http://www.kabissa.org

* Kabissa's vision is for a socially, economically, politically, and  
environmentally vibrant Africa, supported by a strong network of  
effective civil society organizations. *
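The hashed-or-cleartext comparison Barry describes above, as an added illustration that is not Mailman's code or anyone's patch from this thread: the storage format, iteration count and function names are my own assumptions, and migrate_members stands in for the loop a withlist script would run over a list's member passwords.

```python
import hashlib
import hmac
import os
import secrets
import string

# Assumed on-disk format for a hashed entry (not Mailman's own):
# "pbkdf2$<iterations>$<salt hex>$<digest hex>". Anything else is treated
# as a legacy cleartext entry from an unmigrated config.pck.
SCHEME = "pbkdf2"
ITERATIONS = 200_000
SALT_LEN = 16  # bytes


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; only this string is stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def is_hashed(stored):
    """Check the stored entry strictly so a cleartext password containing '$' is not misread."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return False
    salt_hex, digest_hex = parts[2], parts[3]
    hexdigits = set(string.hexdigits)
    return (len(salt_hex) == 2 * SALT_LEN and len(digest_hex) == 64
            and set(salt_hex) <= hexdigits and set(digest_hex) <= hexdigits)


def verify_password(stored, candidate):
    """Return (ok, upgraded): compare against either form; a correct cleartext
    login also yields the hashed replacement so the entry can be upgraded in place."""
    if is_hashed(stored):
        _, iters, salt_hex, digest_hex = stored.split("$")
        expected = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                       bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(expected.hex(), digest_hex), None
    ok = hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))
    return ok, (hash_password(candidate) if ok else None)


def generate_password(length=12):
    """Replacement for 'email my password': mint a fresh random one instead."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def migrate_members(passwords):
    """One-shot upgrade of a member -> stored-entry mapping, leaving hashed entries alone."""
    return {addr: (pw if is_hashed(pw) else hash_password(pw)) for addr, pw in passwords.items()}
```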
