RE: authentication-02: threat of snooped password

Paul Leach <paulle@microsoft.com> wrote:
  > [...]
  > This is the proposed replacement for the paragraph in question:
  > 
  > If a server permits users to select their own passwords, then the threat is
  > not only illicit access to documents on the server but also illicit access
  > to any other resources on other systems that the user protects with the same
  > password. Furthermore, in the server's password database, many of the
  > passwords may also be users' passwords for other sites. The owner or
  > administrator of such a system could conceivably incur liability if this
  > information is not maintained in a secure fashion.

Just a (what else?) nit: the word "illicit" makes me uncomfortable.
How about "unauthorized"?

I'm also inclined to agree with Scott's remarks about "liability".
Perhaps the last sentence should read:

    The owner or administrator of such a system could therefore expose
    all users of the system to the risk of unauthorized access of all
    those accounts if this information is not maintained in a secure
    fashion.

Dave Kristol

Received on Wednesday, 2 September 1998 16:49:32 UTC