>> If the user does not know the password then the logical thing would be for them to re-register. << Then you have a multiple account issue, along with an account expiry issue to solve it. >> There is a greater amount of security in having a hidden password than one that can easily be viewed. << Not really, because it is too easy to obtain the users password via other means.... I will not go into this again, I will say that "hiding" the information does NOT make it more secure.
>> This may not be an issue if you are running the system out of your home. I run a system from my home and this is not a problem for me there. <<
I run a system from my home but must also think about those that do not. As I have stated in the prior message, everyone should understand the "human engineering" side of security. Hiding the user passwords in the UM while making the database it uses easily readible via a text editor, and exportable via menu command to a plain text file is not secure, and cannot be made so because the requirements are contradictory! There is a tradeoff of the requirement for data post-processing and Sysop-mandated maintenance versus ultimate security and crash recovery (encrypted files are harder to recover by design!!!)
---
Daniel O'Leary, Sysop KloneZone Mac - A TeleFinder 5.6 BBS * TFDEV Network Hub 532 Verna Trail North, Fort Forth TX USA 76108 Voice=> (817)367-2558 Dial-In=> (817)367-2712 Fido=> 1:130/1015 TFNet=> klonezone.tfnet.org Inet=> kz.eaze.net www=> http://kz.eaze.net
