Security problem of email registration page

Security problem of email registration page

姓名
Hi there,

I became aware of the problem that https://mail.haskell.org/mailman/listinfo/haskell sends a password to http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably it means this page will send a password without encryption. Could you use https instead of http, or remove this duplicate page? I had used https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.

_______________________________________________
Haskell mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell
Re: Security problem of email registration page

Thomas Jakway

GNU mailman passwords are explicitly NOT secure!

DO NOT REUSE MAILING LIST PASSWORDS!


They ARE stored in plaintext and will be mailed back to you periodically on some setups to confirm that you want to remain subscribed.


On 02/25/2018 12:44 AM, 姓名 wrote:
Hi there,

I became aware of the problem that https://mail.haskell.org/mailman/listinfo/haskell sends a password to http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably it means this page will send a password without encryption. Could you use https instead of http, or remove this duplicate page? I had used https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.
Re: Security problem of email registration page

Thomas Jakway

...it's true that without HTTPS someone could man-in-the-middle you and get you to join a secret, ILLEGAL haskell mailing list, for NEFARIOUS purposes.  Some say demons wander those hills, seeking to lure the unwary to the unhallowed lands of javascript...


On 02/27/2018 08:23 AM, Thomas Jakway wrote:

GNU mailman passwords are explicitly NOT secure!

DO NOT REUSE MAILING LIST PASSWORDS!


They ARE stored in plaintext and will be mailed back to you periodically on some setups to confirm that you want to remain subscribed.


On 02/25/2018 12:44 AM, 姓名 wrote:
Hi there,

I became aware of the problem that https://mail.haskell.org/mailman/listinfo/haskell sends a password to http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably it means this page will send a password without encryption. Could you use https instead of http, or remove this duplicate page? I had used https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.