On Fri, 11  Nov 1994 15:27:50 -0500  Roger Burns <[log in to unmask]>
said:
 
>I  have   a  confidential   list  which  I   presumed  was   unknown  to
>non-subscribers.  However, this  list's FILELIST  appears in  the public
>LISTSERV FILELIST  and so is  publicly known. Is there  a way to  have a
>confidential list  which has its  own FILELIST, but whose  FILELIST does
>not appear in the publicly readable LISTSERV FILELIST?
 
You don't have to list the filelist in LISTSERV FILELIST. However, if you
don't, users  will have  to specify  the list name  as a  third parameter
every time they order a file from the server.
 
>Another question: I note that if  I set Notebook= Owner, then people who
>send in REVIEW <listname> will get the header of my list's control file.
>Is there a way  to block the public from getting even  the header of the
>that file (which shows the list-owners' addresses)?
 
If the  list is  set to "Confidential=  Yes", nothing is  sent at  all. I
suggest  you check  for  typos, and  GET/PUT  the header  so  that it  is
examined by the  header parser and syntax errors are  reported to you. If
the list was created before that  feature was introduced, any value would
be accepted with unpredictable results.
 
>Also,  do  I understand  correctly  that  setting Validate=  All  merely
>regulates those commands (except SUB) which alter the subscription base,
>and that anyone  (who appears to be) sending from  an authorized address
>can get notebook logs? Is there any way to prevent hackers who can forge
>originating addresses from accessing notebook logs?
 
If the list  is confidential, hackers can't access logs  because the GIVE
command and file  redirection options are disabled. They  can always fake
mail and cause one of the subscribers to  get a copy of the log, but they
can't access the logs themselves.
 
  Eric