"LISTSERV site administrators' forum" <[log in to unmask]> wrote on 06/06/2006 11:37:20 AM: > Generally, the Best Practices for this is that the site administrator should > *NOT* be able to retrieve passwords. The fact that it can be done > doesn't make > it a good idea. (As an aside, I don't think there's any cases in Listserv > where the proper combo of your own admin password and the 'FOR' command won't > let you work around a missing/lost password...). A better solution is for the > site administrator to simply *reset* the password and tell the user what it is > now. And don't use "but resetting it will break scripts and saved > passwords" - > if it's already coded in a script or saved, you already *have* the > password and > don't need to snarf it out of Listserv... ;) Another argument against being able to read the password is that people are lazy (myself included) and use the same password for multiple systems. Some people use the same one for EVERYTHING! I use more than one, depending on the level of security needed. Ie. Stupid web accounts that are prone to getting hacked get my low-level-don't-care password. I use another one for sites I care more about, and several others for work. --- SPAM(tm) Ingredients: Pork with Ham, Salt, Water, Modified Potato Starch, Sugar, Sodium Nitrate William Brown Web Development & Messaging Services Technology Services, WNYRIC, Erie 1 BOCES (716)821-7285