On Thu, 10 Oct 1991 10:41:43 EDT "Lisa M. Covi" <COVI@BITNIC> said:
>Here are some more questions about setting up lists:
>
>1. What does the PW= key actually prevent? When a list doesn't have a
> PW= key, I get a nasty message telling me that unauthorized users can
> change my headings, but I tried to get, set options, etc from an
> unauthorized ID and I couldn't. Where's the security hole?
If a list has no password, LISTSERV can't check the password, so any
password is accepted. If you try from an unauthorized ID it will not
work, but since any unauthorized ID can send commands on behalf of
COVI@BITNIC with a minimum knowledge of BSMTP, any knowledgeable user on
the network can trash your list.
>2. Similarly, using lsvput as a LISTSERV postmaster, I am prompted for a
> password to a list that has no PW= heading. I have typed random
> passwords and they are accepted and the update is applied. Why does
> this work?
Well what should it do, accept only blank passwords?
>3. Does Validate=All Commands prevent users from just unsubscribing and
> setting options (for their own ID only I assume)? Is there something
> else they can do with Store only? Does this have to do with
> filelists?
This prevents any unauthenticated update to the list, with the exception
of a few unimportant things which do not affect the operation of the list
or subscription, such as acknowledgement level, REPRO, and so on. This
has nothing to do with filelists.
>4. What program uses the X-tags? My list owners wonder what the
> advantages are to keeping them or putting them in a comment header.
They are for information only. Putting them as comments means more space
is used up.
>5. On List renewal, is it correct that the Interval (i.e. yearly
> monthly, weekly) specifies the time from the subscription or last
> confirmation that the subscription is due to expire?
Yes. LSVEXPIR runs every day, but uses the information in the list header
to decide when to take action.
>6. The FILES= command. If I set FILES= No to prevent something like the
> CHRISTMA EXEC from being distributed to the list, does that also
> prevent the BITNET sites without mailers from sending to the list?
It prevents BITNET sites with strictly no mail facility from sending to
the list - a few MVS sites and the like which should join the real world
and are better off being given an incentive to do so.
>7. How can you tell whether files have the FORM of REDIST? Is this
> related to the FILES= keyword? Does this have to do with Edited
> lists?
This is mostly historical. It is a way to allow limited use of file
distribution by requiring the sender to set the form to REDIST when it is
not a mistake and he does indeed actually want the file distributed. You
enable this mode with "Files= Yes Formcheck= Yes". In practice, for most
lists, file distribution is either appropriate or unappropriate, with the
number of lists in the former category decreasing every day as BITNET
dies its slow death. The VMSHARE/PCSHARE distributions come from a list
which is a good example of a case where this is clearly appropriate.
>8. Where can one get a list of SERVICE areas?
The keyword "Local", any BITNET nodeid or Internet hostname, or the name
of any country or network. You can use a not or minus sign in front of a
keyword to indicate sites which should be excluded.
>10. Last question: are all list headers changable after the list is
> established? Any insight would be helpful.
Yes of course!
Eric
|