|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: SMTP cruft (was: Re: [PLUG] Does restricting partial words weaken passwords?)
|
gabriel rosenkoetter wrote:
>
> On Wed, Sep 05, 2001 at 04:02:14PM -0400, Dave Turner wrote:
> > You are looking from a system security standpoint at what I took as a
> > mathematical question :)
>
> No cryptography question is only a mathematical question.
Um. Yes, all cryptography questions are only mathematical questions -
otherwise, the easiest way to get a password is brute force with rubber hoses
and all crypto discussion is meaningless.
Security is a different topic entirely.
> > You can do that by checking From rather than Sender.
>
> No, you can't, because a sender can easily spoof a From: address. If
> what you're concerned about is that only people who actually do have
> permission to post to the mailing list do, you have to rely on the
> envelope From address or the Delivered-To headers. Go read the
> relevant RFCs, to which you were already kindly referred.
So, my secretary can't send messages to PLUG to me? :) Anyway, since I don't
host my own SMTP server, I can't make my self into an authenticated user.
--
-[Dave Turner Stalk me: (215)-545-2859]
------------------------------------------------------------------------
*** Error: The method "java.lang.Object newInstance();" can throw the
checked exception "java/lang/IllegalAccessException", but its invocation
is neither enclosed in a try statement that can catch that exception
nor in the body of a method or constructor that "throws" that exception.
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|