[Insight-developers] [Fwd: Re: itk users mailing list]
Bill Hoffman
bill.hoffman@kitware.com
Thu, 21 Nov 2002 12:19:33 -0500
--=====================_93367437==.ALT
Content-Type: text/plain; charset="us-ascii"
It already says this:
You must enter a privacy password. This provides only mild security, but should prevent others from messing with your subscription. Do not use valuable passwords! Once a month, your password will be emailed to you as a reminder.
At 12:13 PM 11/21/2002 -0500, Stephen R. Aylward wrote:
>Hi,
>
>I think Michael has a valid point - perhaps we should put a warning (in red) on the page where they sign-up for an account.
>
>Stephen
>
>-------- Original Message --------
>Subject: Re: itk users mailing list
>Date: Thu, 21 Nov 2002 11:35:27 -0500
>From: Michael Bell <bell@radonc.unc.edu>
>To: "Stephen R. Aylward" <aylward@unc.edu>
>References: <20021121154354.GB15864@janus.radonc.unc.edu> <3DDD0999.60800@unc.edu>
>
>Stephen,
> Sorry I am not going through the list, but I guess I don't have
>access to the developer list.
>
> The problem is not necessarily just for this account. I use the same
>password for a certain class of accounts. Fortunately, the accounts are
>all of little importance, but I have to go change them all now because I
>can't trust that password anymore.
>
> Regardless of how the capabilities are for an account, it doesn't
>make sense to make the password available for anyone with a sniffer to
>read. Otherwise, what is the point of having a password?
>
>thanks,
>michael
>
>On Thu, Nov 21, 2002 at 11:28:09AM -0500, Stephen R. Aylward wrote:
>> Hi,
>>
>> One of our users just sent me this...I don't think plain text is an
>> issue at all, but perhaps ya'll can suggest a better response for me to
>> give him other than...for itk users plain text is okay since anyone can
>> become a user and the user accounts have very limited capabilities....
>>
>> s
>>
>> Michael Bell wrote:
>> >Stephen,
>> > I signed up for the itk users mailing list today, and it mailed me
>> >my password in plain text. That is kind of a bad thing. Is there any way
>> >to change that?
>> >
>> >thanks,
>> >michael
>> >
>>
>>
>> --
>> ===============================================
>> Dr. Stephen R. Aylward
>> Assistant Professor of Radiology
>> Adjunct Assistant Professor of Computer Science
>> http://caddlab.rad.unc.edu
>> aylward@unc.edu
>> (919) 966-9695
>>
>
>--
>bell@radonc.unc.edu
>
>--
>===============================================
>Dr. Stephen R. Aylward
>Assistant Professor of Radiology
>Adjunct Assistant Professor of Computer Science
>http://caddlab.rad.unc.edu
>aylward@unc.edu
>(919) 966-9695
>
>_______________________________________________
>Insight-developers mailing list
>Insight-developers@public.kitware.com
>http://public.kitware.com/mailman/listinfo/insight-developers
--=====================_93367437==.ALT
Content-Type: text/html; charset="us-ascii"
<html>
<body>
It already says this:
<ul>
<font size=2>You must enter a privacy password. This provides only mild
security, but should prevent others from messing with your subscription.
Do not use valuable passwords! Once a month, your password will be
emailed to you as a reminder. <br>
<br><br></font>
</ul>At 12:13 PM 11/21/2002 -0500, Stephen R. Aylward wrote:<br>
<blockquote type=cite class=cite cite>Hi,<br><br>
I think Michael has a valid point - perhaps we should put a warning (in
red) on the page where they sign-up for an account.<br><br>
Stephen<br><br>
-------- Original Message --------<br>
Subject: Re: itk users mailing list<br>
Date: Thu, 21 Nov 2002 11:35:27 -0500<br>
From: Michael Bell <bell@radonc.unc.edu><br>
To: "Stephen R. Aylward" <aylward@unc.edu><br>
References: <20021121154354.GB15864@janus.radonc.unc.edu>
<3DDD0999.60800@unc.edu><br><br>
Stephen,<br>
Sorry I am not going through the list, but I guess I
don't have<br>
access to the developer list.<br><br>
The problem is not necessarily just for this account.
I use the same<br>
password for a certain class of accounts. Fortunately, the accounts
are<br>
all of little importance, but I have to go change them all now because
I<br>
can't trust that password anymore.<br><br>
Regardless of how the capabilities are for an account,
it doesn't<br>
make sense to make the password available for anyone with a sniffer
to<br>
read. Otherwise, what is the point of having a password?<br><br>
thanks,<br>
michael<br><br>
On Thu, Nov 21, 2002 at 11:28:09AM -0500, Stephen R. Aylward wrote:<br>
> Hi,<br>
><br>
> One of our users just sent me this...I don't think plain text is
an<br>
> issue at all, but perhaps ya'll can suggest a better response for me
to<br>
> give him other than...for itk users plain text is okay since anyone
can<br>
> become a user and the user accounts have very limited
capabilities....<br>
><br>
> s<br>
><br>
> Michael Bell wrote:<br>
> >Stephen,<br>
> > I signed up for the itk users mailing list
today, and it mailed me<br>
> >my password in plain text. That is kind of a bad thing. Is there
any way<br>
> >to change that?<br>
> ><br>
> >thanks,<br>
> >michael<br>
> ><br>
><br>
><br>
> --<br>
> ===============================================<br>
> Dr. Stephen R. Aylward<br>
> Assistant Professor of Radiology<br>
> Adjunct Assistant Professor of Computer Science<br>
>
<a href="http://caddlab.rad.unc.edu/" eudora="autourl">http://caddlab.rad.unc.edu</a><br>
> aylward@unc.edu<br>
> (919) 966-9695<br>
><br><br>
-- <br>
bell@radonc.unc.edu<br><br>
-- <br>
===============================================<br>
Dr. Stephen R. Aylward<br>
Assistant Professor of Radiology<br>
Adjunct Assistant Professor of Computer Science<br>
<a href="http://caddlab.rad.unc.edu/" eudora="autourl">http://caddlab.rad.unc.edu</a><br>
aylward@unc.edu<br>
(919) 966-9695<br><br>
_______________________________________________<br>
Insight-developers mailing list<br>
Insight-developers@public.kitware.com<br>
<a href="http://public.kitware.com/mailman/listinfo/insight-developers" eudora="autourl">http://public.kitware.com/mailman/listinfo/insight-developers</a></blockquote></body>
</html>
--=====================_93367437==.ALT--