Great Circle Associates List-Managers
(December 1993)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: listproc passwords
From: Paul @ gac . edu (Paul Kleeberg)
Date: Sun, 12 Dec 1993 21:18:01 -0600
To: list-managers @ greatcircle . com
Cc: Dan @ gac . edu (Dan Boehlke), Kraft @ gac . edu

I am not a computer system person by training but there is something that has
bugged me that I thought I would bring up to this group.  I apologize if it
has arisen here before.

Our system is using Listprocessor-Version: 6.0 -- ListProcessor by Anastasios
Kotsikonas.  When a new user subscribes, it tells the subscriber to change
their password.  (The password enables them to change their address to a new
one by sending listproc a command.)  The listproc then sends verification of
the changed password to both the subscriber and to the list manager (myself).

I can't help but believe this is a security hole.  If others are like me,
they use only one or two passwords for all the systems they access.  The way
Listproc *announces* their new password to me when it is reset and then
stores it in a file unencrypted seems like asking for trouble.

Thoughts anyone?

Paul
--
Paul Kleeberg, M.D.             |  Paul @
 GAC .
 Edu
Family Practice                 |  Paul @
 GACVAX1
1415 N Washington Ave, #502     |  Voice: 507-931-9046
St. Peter, Minnesota 56082 USA  |  Fax: 507-931-6752


Indexed By Date Previous: How do you deal with postings to "owner-listname"?
From: Alan Millar <amillar @ bolis . sf-bay . org>
Next: Re: listproc passwords
From: Pres Smith <cons052 @ titan . ucs . umass . edu>
Indexed By Thread Previous: How do you deal with postings to "owner-listname"?
From: Alan Millar <amillar @ bolis . sf-bay . org>
Next: Re: listproc passwords
From: Pres Smith <cons052 @ titan . ucs . umass . edu>

Google
 
Search Internet Search www.greatcircle.com