LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Don't complain to ME

"F. Leon Wilson" <[log in to unmask]>

Thu, 24 Apr 1997 09:49:29 -0400

TEXT/PLAIN (65 lines)

Les:

I believe your problem may be centered around the

Validate= No | Yes,Confirm,NoPW

command in your header.  Check it, and down grade the control.

As before, the security level of the mailing list is controlled through
the "Validate=" keyword. The contents of this keyword, however, have
changed from earlier versions (the old values are still accepted for
compatibility reasons, but generate a warning with an explanatory message
when you update the list header.  This may change in subsequent versions,
so it is advisable to use the new values). The following security
settiing may be on:

*       "Validate= All,Confirm" and "Validate= All,Confirm,NoPW" (new
levels): all commands causing a change in state, except the PUT command
(which is always password-validated), are validated using the "OK"
mechanism, with or without a password alternative. "Protected" commands
(see above) are included in the class of commands that cause a change of
state. Non-"protected" commands that cause a change in state include SUB
and SET.

On Thu, 24 Apr 1997, Les Moskowitz wrote:

> An unwelcome change in the upgrade from 1.8b to 1.8c has been the
> confirmation requirement for subscription requests which are sent through
> a web browser.  This requirement is imposed automatically and is
> not an option which can be set or removed by a header keyword.
>

                [       [       TEXT CUT        ]       ]
>

>    "Note  that the security  level of the list is under  list owner
>     control,  and that  is the  person  you should  contact if  you
>     have any complaint about security procedures."

This is why I say (from the manual) what I said . .

"Note  that the security  level of the list is under"

sounds like the "Validate= All,Confirm,NoPW"

>
> Now that's really adding insult to injury!!  This aspect of security
> is NOT under my control.  If I'm wrong, then please tell me how to get rid
> of it.  And if I'm right, then at least let me change the text of the
> message so that I won't be blamed for the additional burden.

Try "Validate= NO

"Validate= No" (formerly "Validate= Store only"): all commands except PUT
are taken at face value with no validation. While users are not bothered
with validation requests, the list is totally unprotected from attacks by
hackers. For compatibility reasons, this is the default setting.

NOTE: ==> "the list is totally unprotected from attacks"

F. Leon

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM