[Mailman-Developers] config.pck password encryptioninconsistencies
Mark Sapiro
msapiro at value.net
Thu Dec 9 02:58:40 CET 2004
Dave Dewey wrote:
>Quoting Dave Dewey (ddewey at cyberthugs.com):
>
>> Here's the issue I can't solve. It is clear that SOME user passwords in the
>> lists' config.pck file are encrypted, and some aren't. This is within the
>> SAME config.pck, I'm only running one list. When using 'dumpdb' to
>> investigate the the users email/passwords, some of the passwords are
>> definitely clear text. However, others (including all of my own, for
>> various test subscriptions) are encrypted.
>
>More info: it appears that only passwords that were chosen at time of
>subscription are encrypted. If a user then goes in and changes the
>password, it is stored unencrypted in config.pck.
Are you sure they are encrypted and not just encoded (e.g. unicode)?
What do you see in monthly password reminders?
I looked through the code somewhat, particularly the code that produces
password reminders, and I can't see anywhere where there is any
encryption/decryption of passwords going on.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Developers
mailing list