Sat, 12 Nov 1994 01:19:48 +0100
|
On Fri, 11 Nov 1994 15:27:50 -0500 Roger Burns <[log in to unmask]>
said:
>I have a confidential list which I presumed was unknown to
>non-subscribers. However, this list's FILELIST appears in the public
>LISTSERV FILELIST and so is publicly known. Is there a way to have a
>confidential list which has its own FILELIST, but whose FILELIST does
>not appear in the publicly readable LISTSERV FILELIST?
You don't have to list the filelist in LISTSERV FILELIST. However, if you
don't, users will have to specify the list name as a third parameter
every time they order a file from the server.
>Another question: I note that if I set Notebook= Owner, then people who
>send in REVIEW <listname> will get the header of my list's control file.
>Is there a way to block the public from getting even the header of the
>that file (which shows the list-owners' addresses)?
If the list is set to "Confidential= Yes", nothing is sent at all. I
suggest you check for typos, and GET/PUT the header so that it is
examined by the header parser and syntax errors are reported to you. If
the list was created before that feature was introduced, any value would
be accepted with unpredictable results.
>Also, do I understand correctly that setting Validate= All merely
>regulates those commands (except SUB) which alter the subscription base,
>and that anyone (who appears to be) sending from an authorized address
>can get notebook logs? Is there any way to prevent hackers who can forge
>originating addresses from accessing notebook logs?
If the list is confidential, hackers can't access logs because the GIVE
command and file redirection options are disabled. They can always fake
mail and cause one of the subscribers to get a copy of the log, but they
can't access the logs themselves.
Eric
|
|
|