Tue, 31 Jan 1995 10:19:34 +0100
|
On Mon, 30 Jan 1995 22:48:42 -0600 Bruce Dienes
<[log in to unmask]> said:
>Is there somewhere that defines what "protected commands" are? It would
>be nice to have a validate setting that checks listowner-level commands,
>but lets user-level commands through. That way people can't get/put the
>header, but individuals could still reset their topics selections, etc.,
>without hassle.
It would be convenient, but it wouldn't be safe. Instead of forging a SET
XXX FOR YYY from the list owner, hackers would just forge a simple SET
XXX from the user. You need the list password to PUT the header even with
the lowest security level.
>What exactly happens when the above setting is used? I assume that every
>command is sent back to the addressee with a request to send the "OK"
>confirmation back to listserv.
Yes.
>Again, if anyone has a list of which commands are "protected" and which
>commands are not (and thus unaffected by the above setting) I would
>appreciate that!
At that level, all commands that modify the list are protected. If you
find a command that modifies the list but isn't protected at the highest
security level, it's a bug and it will be fixed as soon as it is
reported.
Eric
|
|
|