"Eric Thomas (CERN/L3)" <ERIC@LEPICS>
Tue, 11 Apr 89 19:28:45 GMT
No problem with that approach. I had planned to do something like that
for nodes that change their names (both NADs having to confirm the
command). The only problem is that there are lists (the ones with the
various high-security keywords) for which this will not work. To change
the AFD, password validation is required as a rule (the prolog-text can
contain a password when LISTSERV is used as a "feed" for another
LISTSERV, or similar file server). If user A has an AFD at some site, he
already has a password, so no problem. But if he has another password at
a different site, he may need to do the command twice, or to specify the
two passwords (as in 'PW=myfirstpw,myotherpw,yetanotherone'). Also, user
B would need to get himself a password to confirm all of this, etc.
All this nonsense is not the fault of the user, but of LISTSERV and of
the network (which provides near-zero security). The problem is that the
LISTSERVs cannot trust each other any more than they can trust a user.
The rule is that anything LISTSERV@A is allowed to ask LISTSERV@B to do,
a hacker that can fake addresses must be able to do directly; this way,
faking the address of LISTSERV@A doesn't give him any benefit over faking
the address of his target.
I plan to change this in a future version, but this requires a major
design change and it cannot be done quickly. This is the reason why I am
delaying the implementation of this kind of thing.
Eric
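
The rule stated in the message above, as a small model added to this archive page (it is not LISTSERV code and not from the author): each site validates only the password registered there, and the claimed sender address, whether a user or a peer server, never enters the decision. The site names, the `CHANGE-AFD` command word and the password table are constructed assumptions; only the `PW=a,b,c` list form comes from the message.

```python
import hmac

# Constructed sample data: the password user A registered at each site.
SITE_PASSWORDS = {
    "SITE1": {"USERA@NODE1": "myfirstpw"},
    "SITE2": {"USERA@NODE1": "myotherpw"},
}

def parse_pw(command):
    """Return the passwords carried in a 'PW=a,b,c' keyword, or [] if absent."""
    for word in command.split():
        if word.upper().startswith("PW="):
            return [p for p in word[3:].split(",") if p]
    return []

def authorize(site, claimed_sender, target_user, command):
    """Decide whether `site` applies `command` to target_user's AFD.

    claimed_sender is deliberately unused: where addresses can be faked it
    proves nothing, whether it names a user or a peer server.
    """
    stored = SITE_PASSWORDS.get(site, {}).get(target_user)
    if stored is None:
        return False  # no password registered here, nothing to validate against
    # Accept if any supplied password matches this site's own record.
    return any(hmac.compare_digest(stored.encode(), pw.encode())
               for pw in parse_pw(command))

def propagate(claimed_sender, target_user, command):
    """Result of the same command arriving at every site."""
    return {site: authorize(site, claimed_sender, target_user, command)
            for site in sorted(SITE_PASSWORDS)}

if __name__ == "__main__":
    # Claiming to be a peer server buys nothing without the passwords.
    print(propagate("LISTSERV@A", "USERA@NODE1", "CHANGE-AFD"))
    # One password: the change lands at one site only.
    print(propagate("USERA@NODE1", "USERA@NODE1", "CHANGE-AFD PW=myfirstpw"))
    # Both passwords in one command: the change lands everywhere.
    print(propagate("USERA@NODE1", "USERA@NODE1",
                    "CHANGE-AFD PW=myfirstpw,myotherpw"))
```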