There seems to be a major security leak in the system here at sjuvm.stjohns.edu
and I do not know if it is unique to this system or more widespread.
When I make a change to the list header (for example) I am given the option
of saving the password to disk and I usually do this. The problem is that
when I make a change, the password is echoed to the screen so that anyone
passing by can see it.
Unfortunately, that is not the most serious problem. When I do an LSVPUT
I will be asked for a password and ANYTHING I use will work and be recorded
to disk. There does not seem to be any mechanism requiring me to type my
old password. Is there some setting I am not making to improve the security?
Bob Zenhausern, Ph.D. Internet: [log in to unmask]
St. John's University Unibase: [log in to unmask]
SB 15 Marillac Phone: 718-990-6447
Jamaica, NY 11439 Fax: 718-990-6705