On 2/6/06,
Carl Youngblood <[EMAIL PROTECTED]> wrote:
I appreciate your concerns Pete, but I don't think that the analogy holds. This script resides on someone's local computer and does not publish the user's username or password anywhere. The script merely logs into the website for the person and stores information on their computer. It is behaving as an agent for the person, and its sole capabilities are for downloading content from the church web site, not using the person's password in insecure ways.
I agree that before one uses such a script they should be aware of what it is designed to do.
Best wishes,
CarlOn 2/3/06, Pete Whiting <[EMAIL PROTECTED]> wrote:us better manage our ecclesiastical responsibilities. My concern with what
Stacey has released is related to the pass-through of login information. Giving
your username and password to a script is effectively the same thing as giving
it to a person. Giving your username and password to someone you know is bad.
Giving it to someone you don't know is worse. While the information on a
calendar may be harmless, increasingly critical and confidential workflows are
going to be available on the web (for example, currently missionary applications
can be processed and approved online - other similar efforts are in the works.)
We need each person's login credentials to be secure - as they effectively
represent their signature. Please help train our leaders how to properly protect
those credentials.
_______________________________________________ Ldsoss mailing list [email protected] http://lists.ldsoss.org/mailman/listinfo/ldsoss
