At 10:47 AM 6/17/98 -0400, you wrote: > >Now while the this new user cannot manage the list (I'm assuming because the email address >isn't one of the listed owners) it does cause me a bit of concern because the person can >get to the list management form for managing subscribers, edit headers and templates,etc. > While it's true that someone can "get to the list management form" with their password, they cannot add/delete subscribers, or even view the list headers and templates, let alone change them. An unsavory individual can sit and stare at the list management screen all day, but he's never going to be able to see any of your list information (other than the list name) unless added as an owner. >My $0.02. Requests for passwords should be sent to either the list owner or the site >owner. Also, if the person cannot manage the list then their request to login should be >denied at the login required page and not after they attempt to manage a list. I'll agree that the mechanism is sort of odd. But I don't see that it poses any sort of threat to your list's security. --Liam Kelly