We took care of the clear text transmissions, I believe. One of the first things we did with Mailman was to make sure all web activity uses https. Similarly, we use SSL for email server authentication and mail transfer security.

What is bothering me is list owners who want to use their initials or the list name as list owner passwords. I feel like kind of a sitting duck when we can't see the passwords they have chosen and have no way to enforce decent choices.

Thanks for your interest and thoughts as to how Mailman might be enhanced in this area!

At 06:48 PM 6/2/2009, you wrote:
Kirke Johnson writes:

 > I am concerned that list owners can put insecure admin passwords on
 > their lists. My testing suggests that short passwords are accepted as
 > well as alpha-only. The only control I have found is the length of
 > admin passwords generated by Mailman. I have not located anything
 > else that would enforce even minimal password security.
 >
 > Am I missing something here?

No, except that there are other security issues with all Mailman
passwords.  Specifically, that these transactions are conducted over
unencrypted channels anyway.

----------------------------------------------------------------------
Kirke Johnson                               Internet: kjohn...@pcc.edu
Email Administrator, TSS , Sylvania Campus      http://www.pcc.edu/
Portland Community College, Portland, OR, USA (503) 977-4368
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
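
A check of the kind the message above asks for, as an added example that is not part of the original post and is not Mailman code. It is a standalone Python function that would have to run wherever an owner password is set, and it rejects short passwords, alpha-only passwords, and ones built from the list name or the owner's initials. The function names, the `MIN_LENGTH` threshold, the rules and the sample names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 10  # assumed site policy, not a Mailman setting


def _normalize(s):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _strip_digits(s):
    """Remove leading/trailing digits so 'staff2009' compares as 'staff'."""
    return re.sub(r"^\d+|\d+$", "", s)


def check_owner_password(password, list_name, owner_name):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Count which of lower, upper, digit, symbol appear at least once.
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("too few character classes")
    flat = _normalize(password)
    core = _strip_digits(flat)
    name = _normalize(list_name)
    # List name embedded anywhere, or used reversed as the whole password.
    if name and (name in flat or core == name[::-1]):
        problems.append("derived from list name")
    # Initials, possibly repeated and padded with digits or punctuation.
    initials = "".join(w[0] for w in owner_name.split()).lower()
    if initials and core and core in initials * len(core):
        problems.append("derived from owner initials")
    return problems


if __name__ == "__main__":
    # Constructed sample values: hypothetical list and owner.
    for pw in ("ab", "StaffAnnounce2009!", "correct-Horse-7-battery"):
        print(repr(pw), check_owner_password(pw, "staff-announce", "Alex Baker"))
```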
