[OWASP-Security101] Security101 Digest, Vol 2, Issue 4
bill at pointweb.net
Wed Mar 14 01:59:38 UTC 2012
On Tue, Mar 13, 2012 at 8:35 PM, <security101-request at lists.owasp.org> wrote:
> Yes, its good to adhere to best security practices at all times. Understanding the full threat model and risks throughout the system also help prioritize where security improvements should be spent. For instance, we certainly shouldn't send passwords over email, but as we see from all systems, password resets are often sent over email. The difference is that these are single use tokens with rapid expiration times, but it still points to the larger issue that it's tough to build a secure communication if we're all over unencrypted email.
My problem is that if MailMan sends the email in plaintext, it stores
it in plaintext. Now, I remember that from my Unix Admin days, but
that was back in 1992. Surely there is a better way these days.
More information about the Security101