On  7 Oct 97, Automatic digest processor wrote:

> As with anything physically placed on the web, it will be prone to
> multiple security problems which will need to be worked out very
> carefully, if indeed they can be worked out at all.  Myself, I would be
> weary of using such a web interface, and I would be weary of somebody
> using the web interface in my name.  The potential for security problems
> with such a utility would be enormous.

Up until about a month ago, I have been running my lists on 1.8c web full web
interface (including list management -- now we are on 1.8d-beta)  I can assure
you that the chance of a web break-in is very, very minimal.  First of all, you
need a personal password (not list password) set either the usual way or via the
web interface.  If you use the web interface to either set your password or
change it, a confirmation message is send to your email address that you log
onto with (it does not "read" your identity from the browser as is done using
active-x) Your email address you sign in with MUST be the one that you are
listed in the header with.  About the only way to compromise your password would
be to set a cookie in your browser (an available feature)  If the only place you
log on from is home, then even this should not be a problem.  With me, I can use
the web interface from work (through the firewall), and with AOL and MSN while
on the road from any computer (again, I do not save a cookie with my password or
logon)  When I'm away, it sure beats loggin on using a terminal program and then
trying to remember the syntax to whatever command I'm trying to use.  At first,
there was a few members of our group who voiced the same objections/concerns
that you have, but now, I haven't heard a single objection or theorized possible
breech of security in months.  Now, if they'd just hurry up and publish a manual
on the system!

Liz Marr
Administrator, SAR-Dogs discussion list
Technical Administrator, Protection-Dogs-L discussion list
[log in to unmask]