Tue, 13 Jun 2006 11:15:29 -0400
|
"LISTSERV site administrators' forum" <[log in to unmask]>
wrote on 06/06/2006 11:37:20 AM:
> Generally, the Best Practices for this is that the site administrator
should
> *NOT* be able to retrieve passwords. The fact that it can be done
> doesn't make
> it a good idea. (As an aside, I don't think there's any cases in
Listserv
> where the proper combo of your own admin password and the 'FOR' command
won't
> let you work around a missing/lost password...). A better solution is
for the
> site administrator to simply *reset* the password and tell the user what
it is
> now. And don't use "but resetting it will break scripts and saved
> passwords" -
> if it's already coded in a script or saved, you already *have* the
> password and
> don't need to snarf it out of Listserv... ;)
Another argument against being able to read the password is that people
are lazy (myself included) and use the same password for multiple systems.
Some people use the same one for EVERYTHING! I use more than one,
depending on the level of security needed. Ie. Stupid web accounts that
are prone to getting hacked get my low-level-don't-care password. I use
another one for sites I care more about, and several others for work.
---
SPAM(tm) Ingredients: Pork with Ham, Salt, Water, Modified Potato Starch,
Sugar, Sodium Nitrate
William Brown
Web Development & Messaging Services
Technology Services, WNYRIC, Erie 1 BOCES
(716)821-7285
|
|
|