On Sun, Apr 14, 2002 at 02:40:10PM +0200, Werner Reisberger wrote:
Since the maintainer password is send in cleartext with the x_command interface of SmartList I made some scripts and patches to enable SmartList to process x_commands with encrypted passwords.
Am I missing something here? It's true that this system prevents someone from discovering the password by intercepting email; however, the token which the email interceptor discovers is just as good as a password, in that it can be used to cause the execution of X-Commands. I suggest that a truly secure system would have authentication tokens which were only valid on a single occasion; perhaps the system should randomly change the X-Command password after each command, and email the new password to the maintainer address. (Ideally, of course, it wouldn't even do that; the maintainer would have a list of passwords which would be used in order, and have some secure means of getting more passwords.) In the absence of a truly cryptographically secured system - such as connecting to the list server with SSH - I fear this is the best that can be done. Roger