[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] rattaching mailing list to savannah
From: |
Loic Dachary |
Subject: |
Re: [Savannah-hackers] rattaching mailing list to savannah |
Date: |
Fri, 2 Mar 2001 11:56:27 +0100 (CET) |
Guillaume Morin writes:
> Dans un message du 01 Mar à 22:19, Mark H. Weaver écrivait :
> > Hmm. Would this admin password would go over in cleartext? If so, I'd
> > prefer to see you use ssh.
>
> Well, I have nothing against that. But, I planned to install this cgi
> just as other Mailman cgi. So it will have the same security measures as
> other Mailman cgi. If you look at
> http://mail.gnu.org/mailman/admin/autoconf-patches for example, you'll
> see that the admin password is sent as clear text.
>
> So maybe, it is not necessary to protect only this operation...
I agree. Clear text password is not good but if it's common practice for
mailman at present it's probably not a good idea to try to change this now.
Is there a mailman patch or some guidelines to deal with this issue ?
Cheers,
--
Loic Dachary http://www.dachary.org/ address@hidden
24 av Secretan http://www.senga.org/ address@hidden
75019 Paris Tel: 33 1 42 45 09 16 address@hidden
GPG Public Key: http://www.dachary.org/loic/gpg.txt