The way I understand it, the Validate= keyword is the first line of
defense. The PW= keyword is used for non-critical commands.

This makes for totally secure administration, because important
system functions have to be confirmed to be executed. That means
that if Joe Hack Guy sends a GET listname (HEADer using a forged
email account the OK confirmation will go to the account he tried
to forge....

However, if you're using the web interface and he has your login
and password then you may be at risk.

Hope this helps. Please set me straight if I'm off base here
folks....

Yours,

Adam Audette


At 05:14 PM 6/8/00 -0700, you wrote:
>Hi there,
>We are running List Serv 1.08d. If a password becomes known, is it
>possible
>for an outsider to do anything to the lists or the List Serv if
>they are not
>an owner of a list?
>Thanks,
>
>Laura John (425)703-0460
>Group Program Manager
>MSNBC.com
>http://www.msnbc.com