Mailing list reminders send plain-text password

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Mailing list reminders send plain-text password

Guyren Howe
I am getting a monthly mailing list reminder, containing my password  
in plain text.

Is there any way to stop having my password sent to me in plain text?
_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list reminders send plain-text password

Steven Elkins
On 3/1/07, Guyren Howe <[hidden email]> wrote:
> I am getting a monthly mailing list reminder, containing my password
> in plain text.
>
> Is there any way to stop having my password sent to me in plain text?

The same email should have a link to your list membership
configuration page.  One of the options is...

    Get password reminder email for this list?

Not sure it's exactly what you want.

HTH,
Steve


--
How wonderful it is that nobody need wait a single moment
before starting to improve the world.       -- Anne Frank
Paradise is exactly where you are
right now...only much, much better.    -- Laurie Anderson
_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list reminders send plain-text password

François Schnell-2
Hello,

I also subscribed to many mailman malling-list and I've just checked them. A lot of them show a clear password at the end of the reminder but not all of them send this reminder mail.

I had a quick look at the mailman admin doc:
"""
This document is intended for persons who have the responsibility of managing mail lists that are being run by the GNU Mailman mail list manager. Note that this document is not intended for people who are only list members
"""
http://staff.imsa.edu/~ckolar/mailman/mailman-administration-v2.html

and there's a parameter it seems the admin can set:

"""
Send monthly password reminders or no? Overrides the previous option. When set to yes, list members will receive an automatically generated monthly posting reminding them of their password as well as the URLs to access their list configuration options. This will save you're a lot of time as administrator as it will let users solve a lot of their own problems.
""""
I can really understand why admins want to leave this by default, mainly to avoid dealing with new users who haven't understand yet how to manage and get-out of a malling list.

Even if it's possible for the user to change this behavior in his account I don't like this  for security reasons.

I've never seen that my passwords was sent in this mails: the mails are called  "mailing list memberships reminder" and I already know I'm a mailing list member and so I have no reasons to check this. Mailman should  call this  "mailing list memberships and *clear password* reminder"  IMO.

On the mailman mailing-lists which doesn't send me the clear reminder by default there's the list address link at the end of the mail which I believe is far sufficient (users can there retrieve their password if they really forgot it and they know what to expect and when in their mailbox).

Anyway, thanks Guyren and Steven for the awareness. Next time I'll subscribe to a list I'll also be also more cautious :)

francois


Wow, Thanks Steven and Guyren,


On 3/2/07, Steven Elkins <[hidden email]> wrote:
On 3/1/07, Guyren Howe <[hidden email]> wrote:
> I am getting a monthly mailing list reminder, containing my password
> in plain text.
>
> Is there any way to stop having my password sent to me in plain text?

The same email should have a link to your list membership
configuration page.  One of the options is...

    Get password reminder email for this list?

Not sure it's exactly what you want.

HTH,
Steve


--
How wonderful it is that nobody need wait a single moment
before starting to improve the world.       -- Anne Frank
Paradise is exactly where you are
right now...only much, much better.    -- Laurie Anderson
_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland


_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list reminders send plain-text password

Michael Rueger-3
francois schnell wrote:
> Hello,
>
> I also subscribed to many mailman malling-list and I've just checked
> them. A lot of them show a clear password at the end of the reminder but
> not all of them send this reminder mail.
...

> I've never seen that my passwords was sent in this mails: the mails are
> called  "mailing list memberships reminder" and I already know I'm a
> mailing list member and so I have no reasons to check this. Mailman
> should  call this  "mailing list memberships and *clear password*
> reminder"  IMO.

As you already mentioned, this is something that is common to all
mailman installations, so not a squeakland specific "problem".

As a general hint: it is generally not a good idea to use a password for
mailing lists that is also used for other (real) accounts.

Michael

_______________________________________________
Squeakland mailing list
[hidden email]
http://squeakland.org/mailman/listinfo/squeakland