[wplug-erie] Plaintext passwords sent in monthly bounces
Bill Moran
wmoran at potentialtech.com
Sat May 1 16:59:53 EDT 2004
Just Bill wrote:
> I see that myself, but I"m not the one who takes care of it.
>
> Bill
> www.justbill.org
>
> unless you meant the other Bill that has been on recently, but he
> doesn't take care of it either.
I have administrative access to wplug-bsd at wplug.org, but not the wplug-erie ...
Looking over the config (since both lists are on the same server) the only
option I see is to diable these monthly alerts altogether. I can't find any
option to simply send them without a password.
On the flip side ... don't take this as criticism, but it's not wise to use
the same password for any mailing list that you use for anything important.
The Mailman interface that you use to subscribe/unsubscribe (for example) is
not https, thus you're sending your password in the clear whenever you log
in/out anyway. Use a disposable password.
> On Sat, 2004-05-01 at 10:19, Cliff Friedel wrote:
>
>>Bill,
>>
>>This is Cliff Friedel. I met you at a client's site a little while ago
>>and started lurking on the list. Not sure if you are the guy I should
>>tell this to, but wanted to let you know that the monthly reminder is
>>sending out our unencrypted passwords via email. Could you please not
>>do this (as it isn't secure and I occasionally have others read my
>>mail).
>>
>>Thanks. Hope to come to a meeting soon.
>>
>>Cliff Friedel
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug-erie
mailing list