[wp-hackers] Plain text Password?!

Tiago Relvao trelvao at workmedia.pt
Mon Feb 1 11:56:24 UTC 2010


Stating that some mailling lists using mailman work this way isn't much 
of an argument to suport this beaviour. The question is: should it work 
this way? Would you as a developer suport the use of plain text 
passwords in any of your projects?

It really doesn't matter if it's a valuable password or not. It's MY 
password and it shouldn't be visible to anyone. Not even the mailling 
list administrator.

I did a quick search and found that some people took the effourt to 
change mailman default behaviour. This list works the way it does just 
because either the people enroled are unaware of the situation or they 
are OK with it. It's not because this is the way mailman must work. 
Neverteless, I already change my options and disabled the monthly 
reminder (thanks Jeremy).


Jeremy Visser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/02/10 22:26, Tiago Relvao wrote:
>   
>> I just received a mailing list memberships reminder from automattic.  It
>> seems automattic is saving my password in plain text! Why?
>>
>> I hope the mailman-owner would change this or, at the very least, stop
>> sending me my password by e-mail.
>>     
>
> Almost all public mailing lists behave this way. Indeed, this is the
> default behaviour of Mailman.
>
> Besides, you're probably concerned because you used one of your valuable
> passwords as your mailing list password. Can I just say that is a Bad
> Idea (tm).
>
> If you leave the password field blank, an auto-generated throwaway
> password is automatically generated for you when you subscribe.
>
> And if you really are that emotionally attached to using one of your
> valuable passwords as your mailing list password, you can simply turn
> off the password notification e-mails on the Mailman options. :)
>
> Cheers,
> Jeremy.
>
> Click on the link down below to change options...
>
>    _
>    |
>    |
>    |
>    v
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAktmu1QACgkQvs6Qqs8TxBqrbQCgr9WDQV4XXH1fTAQ+YG9BW+rG
> tOgAnR7B7uifsezp1i6KHO+l5zmwiw+r
> =lHV2
> -----END PGP SIGNATURE-----
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>   

-- 
TI Workmedia (webdevelopment)
e-mail: ti at workmedia.pt
Tel. +351 210 410 394



More information about the wp-hackers mailing list