[Haskell] Security problem of email registration page
Thomas Jakway
tjakway at nyu.edu
Tue Feb 27 16:27:39 UTC 2018
...it's true that without HTTPS someone could man-in-the-middle you and
get you to join a secret, ILLEGAL haskell mailing list, for NEFARIOUS
purposes. Some say demons wander those hills, seeking to lure the
unwary to the unhallowed lands of javascript...
On 02/27/2018 08:23 AM, Thomas Jakway wrote:
>
> GNU mailman passwords are explicitly _*NOT*_ secure!
>
> _*DO NOT REUSE MAILING LIST PASSWORDS!*_
>
>
> They ARE stored in plaintext and will be mailed back to you
> periodically on some setups to confirm that you want to remain subscribed.
>
>
> On 02/25/2018 12:44 AM, 姓名 wrote:
>> Hi there,
>>
>> I become aware of the problem that
>> https://mail.haskell.org/mailman/listinfo/haskell send a password to
>> http://mail.haskell.org/cgi-bin/mailman/subscribe/haskell. Probably
>> it means this page will send a password without encryption. Could you
>> use https instead of http, or remove this duplicate page? I had used
>> https://mail.haskell.org/cgi-bin/mailman/listinfo/haskell instead.
>>
>>
>> _______________________________________________
>> Haskell mailing list
>> Haskell at haskell.org
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell/attachments/20180227/c9fdb691/attachment.html>
More information about the Haskell
mailing list