Re: src/sbbs3/useredit.cpp
By: echicken to MRO on Mon Feb 27 2023 06:01 pm
>
> MR> so you think other comparable softwares do the same thing? I wasn't
> MR> aware of that. having passwords in multiple files in plain text seems
> MR> insecure.
>
> I don't know about comparable, but I've used things that required a
> different password for some protocol.
i was thinking about stuff like citadel which is now groupware or a server suite. i thought it had ftp but i'm not sure. I don't think their passwords are in plain text in many data files.
> I had a separate POP3 password in
> gmail, for example. I don't know if this was for a technical reason or if it
> was like a revokable 'device password'.
i think it's both. i have those device passwords in my email client for gmail
and my old old old yahoo accounts (which i should terminate. thanks for the data breach money, yahoo).
> Depending on what you mean by running the wrong script, there isn't always
> much to be done to protect sysops from themselves. A JS module could do
> whatever it wanted to your BBS, and I don't think most sysops realize how
> much trust is involved there. Some shell script or batch file running as
i just mean a script that isn't locked down that allows you to type out files.
i know when that issue was around years ago there were some measures put in place to stop using ATcodes to type out a file.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)