Re: Security + Licensing

Jayant Kumar Gandhi wrote:

> What if some unauthorized person gains access and downloads backup and hence has email addresses, passwords of people and can do anything with them....

In that case they may well delete all the data. And you can restore it using your own backup file.

> What I suggested is also cookies, but they are called session cookies. They work everywhere unlike cookies which might be disabled at many places.

Then we are both talking about session cookies. But my idea is that they should simply be working all through a browser session, so that you wouldn't need to complicate the set-up with temporary files.

> Presently if suppose the superadmin leaves the system unattended, anyone can view source of page and get the password

Okay, I agree that the implementation of session cookies would prevent that from happening.

> ... and password (which is generally same everywhere).

When you subscribed to this list, you may have noticed a remark about the limited password security for a Mailman mailing list (see the lower part of http://lists.sourceforge.net/lists/listinfo/ringlink-open). There is a similar comment in the Ringlink FAQ at http://www.ringlink.org/faq/install.html#8. Maybe it would be a good idea to include such a 'warning' right on the forms for submitting rings and sites.

/ Gunnar