On Mon, 30 Jan 1995 22:48:42 -0600 Bruce Dienes <[log in to unmask]> said: >Is there somewhere that defines what "protected commands" are? It would >be nice to have a validate setting that checks listowner-level commands, >but lets user-level commands through. That way people can't get/put the >header, but individuals could still reset their topics selections, etc., >without hassle. It would be convenient, but it wouldn't be safe. Instead of forging a SET XXX FOR YYY from the list owner, hackers would just forge a simple SET XXX from the user. You need the list password to PUT the header even with the lowest security level. >What exactly happens when the above setting is used? I assume that every >command is sent back to the addressee with a request to send the "OK" >confirmation back to listserv. Yes. >Again, if anyone has a list of which commands are "protected" and which >commands are not (and thus unaffected by the above setting) I would >appreciate that! At that level, all commands that modify the list are protected. If you find a command that modifies the list but isn't protected at the highest security level, it's a bug and it will be fixed as soon as it is reported. Eric