Great Circle Associates List-Managers
(December 1993)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: listproc passwords
From: "Michael H. Morse" <mmorse @ z . nsf . gov>
Date: Mon, 13 Dec 1993 08:10:16 EST
To: Paul Kleeberg <Paul @ gac . edu>, list-managers @ greatcircle . com
Cc: Dan Boehlke <Dan @ gac . edu>, Kraft @ gac . edu
In-reply-to: Paul@gac.edu (Paul Kleeberg) "listproc passwords" (Dec 12, 9:18pm)

> I can't help but believe this is a security hole.  If others are like me,
> they use only one or two passwords for all the systems they access.  The way
> Listproc *announces* their new password to me when it is reset and then
> stores it in a file unencrypted seems like asking for trouble.

What I do is use two passwords, one for systems that I think are
relatively secure, and one for systems I know nothing about (such as
bbs's and listproc).  

Listproc doesn't really need very tight security, so the author has
tried to strike a balance between administrative and user convenience
and some semblance of security.  The problem is that Listproc commands
are not used very often, so the chance of a user remembering their
password seems remote.  

Nonetheless, perhaps some educational verbage might be appropriate.

--Mike

Indexed By Date Previous: Re: listproc passwords
From: Pres Smith <cons052@titan.ucs.umass.edu>
Next: Re: Listserv/bbs Software
From: mmdfii@heidelberg-emh17.army.mil
Indexed By Thread Previous: Re: listproc passwords
From: Pres Smith <cons052@titan.ucs.umass.edu>
Next: Re: Listserv/bbs Software
From: mmdfii@heidelberg-emh17.army.mil

Google
 
Search Internet Search www.greatcircle.com