[Mailman-Developers] Hashing member passwords in config.pck
Tobias Eigen
tobias at kabissa.org
Thu Feb 10 17:36:10 CET 2005
Ah - I had forgotten the ~mailman/bin/withlist script. Sorry, folks,
still just getting back into Mailman. If it works as advertised, then I
also vote for the changes Barry is recommending. It makes Mailman
completely compatible with the type of CMS integration I'm describing.
Joel's point about passwords being one-way "You put it in, and you
can't get it back" is perfectly true.
Cheers,
Tobias
On Feb 10, 2005, at 11:17 AM, Tobias Eigen wrote:
> Hi Barry,
>
> While you're on this subject, I was intrigued by the password
> resetting script but was disappointed that there is no way to actually
> configure the password on the command-line. I was thinking this would
> enable integration of Mailman subscriptions into an existing user
> database (i.e. via a nightly cron). If you use a commonly used
> encryption, then doing this on the command line shouldn't pose any
> security issues. On Kabissa this would be a key aspect to making
> Mailman continue to work as our list manager of choice for e-mail
> newsletters and discussions in our CMS of choice, Mambo Open Source.
>
> Then again, if you're thinking of rewriting how passwords are kept,
> perhaps it might be useful to think about using a different type of
> container anyway, one that works with other, more sophisticated user
> management systems like those that come with CMSs. I.e. LDAP or simply
> mysql.
>
> And this, plus the CAN prefix to the patch name, reminds me: correct
> me if I'm wrong, but my understanding is that Mailman as it exists
> does not comply with the new (unfortunately named) CAN SPAM act.
> According to this act, a recipient of an email from a given site has
> to be able to opt out from receiving ANY MAIL from that site. Right
> now all mailman lists are treated completely separately, and nobody
> (not even the subscriber) can easily find out which lists subscribers
> are subscribed to. What I envision having in my Mailman/Mambo system
> is a single user database with one password per username for all
> services. Users can then go to a simple preferences page on Mambo and
> do basic things like change their email address or password, tick a
> box to opt in/out of various mailings, and in particular opt to
> receive no mail at all. Other Mambo components would handle reading
> forums and newsletters online and enable users to
> subscribe/unsubscribe to them.
>
> If anybody's got any suggestions on how to achieve this or is
> interested in working with us to develop this functionality, let me
> know.
>
> Cheers,
>
> Tobias
>
> On Feb 10, 2005, at 10:02 AM, Barry Warsaw wrote:
>
>> I think CAN-2005-0202 gives us the opportunity to finally implement
>> what
>> we have long considered an embarrassing exposure in Mailman's
>> config.pck
>> databases. Member passwords are kept in this database in the clear.
>> The obvious fix is to hash member passwords and keep only the hash in
>> the database.
>>
>> We haven't changed this before now for two reasons:
>>
>> 1. We would have to regenerate all member passwords, which is an
>> administrative burden. We might also need to implement checks to see
>> if
>> the passwords were cleartext or hashed and do the password comparison
>> accordingly.
>>
>> 2. This breaks all password reminders.
>>
>> To fully address CAN-2005-0202 we're recommending sites regenerate
>> their
>> member passwords anyway, so this gives us an opening to fix this
>> properly. And we have a better internal password generator now too.
>>
>> As for #2, well, I think most people hate those password reminders
>> anyway, and we've decided that they are going away for MM3. I don't
>> think many people would shed too many tears if we killed off monthly
>> password reminders for 2.1.6. Doing that would also eliminate the
>> requirement for the site list, since its primary purpose is to
>> function
>> as the sender of the reminder messages.
>>
>> To do this for 2.1.6, we'd have to change the "Email My Password To
>> Me"
>> feature in the options page and in the member login page. These would
>> have to become a "create a new password for me" feature. Also,
>> crontab.in should not call mailpasswds anymore, or that script should
>> turn into a simple "here's the lists you are on" reminder, without the
>> password information in it. This will require i18n updates too.
>>
>> The downside to doing this now is that it's more coding work for 2.1.6
>> and I'd like to get the new version out asap. Still, this seems like
>> an
>> opportunity that we shouldn't lightly dismiss.
>>
>> What do you all think? Is anybody willing to take a crack at a patch
>> for this?
>>
>> -Barry
>>
>> _______________________________________________
>> Mailman-Developers mailing list
>> Mailman-Developers at python.org
>> http://mail.python.org/mailman/listinfo/mailman-developers
>> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
>> Searchable Archives:
>> http://www.mail-archive.com/mailman-users%40python.org/
>> Unsubscribe:
>> http://mail.python.org/mailman/options/mailman-developers/
>> tobias%40kabissa.org
> --
> Tobias Eigen
> Executive Director
>
> Kabissa - Space for Change in Africa
> http://www.kabissa.org
>
> * Kabissa's vision is for a socially, economically, politically, and
> environmentally vibrant Africa, supported by a strong network of
> effective civil society organizations. *
>
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> http://mail.python.org/mailman/options/mailman-developers/
> tobias%40kabissa.org
>
--
Tobias Eigen
Executive Director
Kabissa - Space for Change in Africa
http://www.kabissa.org
* Kabissa's vision is for a socially, economically, politically, and
environmentally vibrant Africa, supported by a strong network of
effective civil society organizations. *
More information about the Mailman-Developers
mailing list