Majordomo-Users: Re: Problem is somebody knows the approve password

Majordomo-Users
(May 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Problem is somebody knows the approve password
From:	Lazlo Nibble <lazlo @ swcp . com>
Date:	Mon, 11 May 1998 11:25:50 -0600
To:	mu <majordomo-users @ greatcircle . com>
Mail-followup-to:	mu <majordomo-users@greatcircle.com>

> Perharps, my configuration is not correct, but it seems that when somebody 
> knows the admin_passwd , he is able to do a lot of thing even if he's not 
> the owner of the list. So majordomo doesn't verify who send the approve 
> command.

No it doesn't.  It's a lot easier to forge mail headers than it is to guess
the admin password, so adding the extra check wouldn't buy you any real
security.

If your admin password has leaked out, you should change the password.

-- 
::: Lazlo (lazlo@swcp.com; http://www.swcp.com/lazlo)
::: Internet Music Wantlists: http://www.swcp.com/lazlo/Wantlists

Indexed By Date	Previous:	Re: Problem is somebody knows the approve password From: Jason L Tibbitts III <tibbs@hpc.uh.edu>
Indexed By Date	Next:	precedence From: "david a wahlstrom" <daw@usa.net>
Indexed By Thread	Previous:	Re: Problem is somebody knows the approve password From: Jason L Tibbitts III <tibbs@hpc.uh.edu>
Indexed By Thread	Next:	precedence From: "david a wahlstrom" <daw@usa.net>