At 12:19 PM -0800 4/4/97, Jason L Tibbitts III wrote:
>Someone has asked me to include in the new password scheme the possibility
>to bind passwords to addresses, so that a particular address (after
>transforms and aliases are applied) is the only one allowed to use a
>password. I want to know what everyone thinks.
Actually, I would have use for both. On some of the internal projects
I've been asked to build, limiting administrative action to a single
account and validating that account via a password would be high on my
list. In other situations, anyone who has the password can be validated.
I have groups that make use of lists where the controlling person
changes from project to project and one person might be involved in
multiple project/lists at a time. They do, for better or worse,
sometimes hand passwords around, and also, for better or worse,
sometimes step on each other by tweaking the wrong list. This gives me
a way to help control those aspects without giving out fifty passwords,
which would only encourage them to write them down and pass them
around. I can set a group-level password for the lists, and then
validate by e-mail address, rather than one password for each list.
(and then management have an overriding password as needed...)
On the other hand, if it meant always tying a password to an address,
I'd do without. For most purposes, the password is enough for me.
Fortunately, I'm not as worried about outsiders hacking my lists as I
am insiders making sloppy mistakes, but the password scheme is nice in
both cases most of the time. Optional addresses would improve a couple
of niche areas for me, but not enough to warrant screwing up the
Chuq Von Rospach (email@example.com) Apple IS&T Mail List Gnome
Plaidworks Consulting (firstname.lastname@example.org) <http://www.plaidworks.com/>
(<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)