Subject: Developers of Sympa
List archive
- From: "Nicolas Brouard" <address@concealed>
- To: <address@concealed>
- Cc: "address@concealed" <address@concealed>
- Subject: RE: [sympa-dev] Encrypted password
- Date: Fri, 2 Feb 2001 13:22:55 +0100
Do you mean that with a reversible encryption asap the list-manager cannot
use it for his own profit?
Log files of passwords are not very fair and must be avoided.
With the solution proposed earlier, which already exists in other web
mailing lists, we escape from these problems. Most of the security problems
come from internal managers not from external hackers.
Nicolas
-----Message d'origine-----
De : address@concealed [mailto:address@concealed]
Envoyé : vendredi 2 février 2001 11:55
À : address@concealed
Cc : address@concealed
Objet : Re: [sympa-dev] Encrypted password
Nicolas Brouard wrote:
> "Password are currently NOT crypted in the database. Considering that most
> people use a single password for almost any usage, this is a security
> problem. It could be crypted with a reversible algorithm, thus allowing
> password reminding. "
>
Yes we will introduce a reversible encryption asap.
> but because I don't trust the local list manager.
If you don't trusted the local listmaster, you will never have a secure
solution
Even HTTPS allow listmaster to add some logs of password in sympa itself.
Serge
--
-----------------------------------------------------------
Serge Aumont Comité Réseaux des Universités
Campus Beaulieu
35042 Rennes Cedex +33 2 998 471 47
-
Re: [sympa-dev] Mots de passe encrypt s,
Olivier LACROIX, 02/01/2001
-
RE: [sympa-dev] Encrypted password,
Nicolas Brouard, 02/01/2001
-
Re: [sympa-dev] Encrypted password,
Aumont, 02/02/2001
- RE: [sympa-dev] Encrypted password, Nicolas Brouard, 02/02/2001
-
Re: [sympa-dev] Encrypted password,
Aumont, 02/02/2001
-
RE: [sympa-dev] Encrypted password,
Nicolas Brouard, 02/01/2001
Archive powered by MHonArc 2.6.19+.