Thomas Winteler | 3 Nov 10:47

Encrypt Admin Passwords


Hey PHPList Dev's

A customer of ours was hacked (mysql bug) and the hacker could list all
phplist admin accounts directly from the database.

I checked out this:
http://forums.phplist.com/viewtopic.php?f=24&t=33976&hilit=password+encryption

... and think, DEV's should really encrypt admin passwords...

It's a simple thing, but it has to be done..

There is the option to encrypt user password, maybe per default also
admin passwords should be encrypted in the same way.

Thanks a lot..

kind regards from Switzerland
Thomas

--------------------------------------------------------------
http://www.win-soft.ch - http://www.mytool.ch
--------------------------------------------------------------
Twitter - http://twitter.com/thomi_ch
Facebook - http://www.facebook.com/nilooma
--------------------------------------------------------------
Win-Soft - Web Solution - Thomas Winteler
Website, CMS, eCommerce, OpenERP, OpenSource,...
info <at> win-soft.ch, Tel: +41 71 923 0120

Michiel Dethmers | 3 Nov 14:32

Re: Encrypt Admin Passwords


Hello Thomas

Sorry to hear about the trouble. The development version which is
reasonably stable, has admin password encryption. I'm just waiting for
the design to be finished off, to declare it stable. I have no idea when
that might be. In the meantime, the latest dev version for download is
quite usable.

Michiel

On 03/11/11 06:47, Thomas Winteler wrote:
> Hey PHPList Dev's
>
> A customer of ours was hacked (mysql bug) and the hacker could list all
> phplist admin accounts directly from the database.
>
> I checked out this:
> http://forums.phplist.com/viewtopic.php?f=24&t=33976&hilit=password+encryption
>
> ... and think, DEV's should really encrypt admin passwords...
>
> It's a simple thing, but it has to be done..
>
> There is the option to encrypt user password, maybe per default also
> admin passwords should be encrypted in the same way.
>
> Thanks a lot..
>
> kind regards from Switzerland

Thomas Winteler | 4 Nov 06:01

Re: Encrypt Admin Passwords


Good Morning Michiel

Thanks a lot for your feedback, that's good news :)
Have informed my customers and they will be happy ;)

Will the new version be available in maybe 3-4 weeks?

Btw. can the dev version be tested anywhere online, w/o installing it
myself? Maybe I can forward it also to my customers for testing...

Have a nice day

Kind regards
Thomas

On 11/03/2011 02:32 PM, Michiel Dethmers wrote:
> 
> Hello Thomas
> 
> Sorry to hear about the trouble. The development version which is 
> reasonably stable, has admin password encryption. I'm just waiting
> for the design to be finished off, to declare it stable. I have no
> idea when that might be. In the meantime, the latest dev version
> for download is quite usable.
> 
> Michiel
> 
> On 03/11/11 06:47, Thomas Winteler wrote:
>> Hey PHPList Dev's

Michiel Dethmers | 4 Nov 13:04

Re: Encrypt Admin Passwords


Hello Thomas

The latest dev code is online at http://dev.phplist.com/lists/admin/
It's an hourly checkout of the repository, or I should say repositories,
because currently phpList is spread across a few svn repos.

However, it's quite different from the latest downloadable dev version.
I don't think it'll be 4 weeks, probably a bit longer.

Michiel

On 04/11/11 02:01, Thomas Winteler wrote:
> Good Morning Michiel
>
> Thanks a lot for your feedback, that's good news :)
> Have informed my customers and they will be happy ;)
>
> Will the new version be available in maybe 3-4 weeks?
>
> Btw. can the dev version be tested anywhere online, w/o installing it
> myself? Maybe I can forward it also to my customers for testing...
>
> Have a nice day
>
> Kind regards
> Thomas
>
> On 11/03/2011 02:32 PM, Michiel Dethmers wrote:
>

tarekdj | 16 Nov 16:06

Reviewing and testing the new phplist admin theme

The phplist dev release has a new admin theme.
The major work is done. There are some retouching tasks to do to finish it.

The idea is to create a request list to speed the process.

Please check the following link http://dev.phplist.com/lists/admin/
and report your requests here https://docs.google.com/spreadsheet/ccc?key=0AjcabFMQ3f5_dDhlMjNyQm1IOUYtT1NGUXE1bzNuYmc&hl=en_US#gid=0

Thanks for helping us finish the work as soon as possible.

---------------------------------
Djebali Tarek
_______________________________________________
Phplist-developers mailing list
Phplist-developers <at> tincan.co.uk
https://cinnamon.tincan.co.uk/mailman/listinfo/phplist-developers
