On    Mon,     30    Jan    1995    22:48:42     -0600    Bruce    Dienes
<[log in to unmask]> said:
 
>Is there somewhere that defines  what "protected commands" are? It would
>be nice to have a validate setting that checks listowner-level commands,
>but lets user-level commands through.  That way people can't get/put the
>header, but individuals could still reset their topics selections, etc.,
>without hassle.
 
It would be convenient, but it wouldn't be safe. Instead of forging a SET
XXX FOR YYY  from the list owner,  hackers would just forge  a simple SET
XXX from the user. You need the list password to PUT the header even with
the lowest security level.
 
>What exactly happens when the above setting is used? I assume that every
>command is sent  back to the addressee  with a request to  send the "OK"
>confirmation back to listserv.
 
Yes.
 
>Again, if anyone has a list  of which commands are "protected" and which
>commands are  not (and  thus unaffected  by the  above setting)  I would
>appreciate that!
 
At that  level, all commands that  modify the list are  protected. If you
find a command that modifies the  list but isn't protected at the highest
security  level, it's  a  bug and  it  will be  fixed as  soon  as it  is
reported.
 
  Eric