"LISTSERV site administrators' forum" <[log in to unmask]> 
wrote on 06/06/2006 11:37:20 AM:
> Generally, the Best Practices for this is that the site administrator 
should
> *NOT* be able to retrieve passwords.  The fact that it can be done 
> doesn't make
> it a good idea. (As an aside, I don't think there's any cases in 
Listserv
> where the proper combo of your own admin password and the 'FOR' command 
won't
> let you work around a missing/lost password...). A better solution is 
for the
> site administrator to simply *reset* the password and tell the user what 
it is
> now.  And don't use "but resetting it will break scripts and saved 
> passwords" -
> if it's already coded in a script or saved, you already *have* the 
> password and
> don't need to snarf it out of Listserv... ;)

Another argument against being able to read the password is that people 
are lazy (myself included) and use the same password for multiple systems. 
 Some people use the same one for EVERYTHING!  I use more than one, 
depending on the level of security needed. Ie. Stupid web accounts that 
are prone to getting hacked get my low-level-don't-care password.  I use 
another one for sites I care more about, and several others for work.

---
SPAM(tm) Ingredients:  Pork with Ham, Salt, Water, Modified Potato Starch, 
Sugar, Sodium Nitrate

William Brown
Web Development & Messaging Services
Technology Services, WNYRIC, Erie 1 BOCES
(716)821-7285