Peter Whiting wrote: > On Mon, Feb 06, 2006 at 08:56:24AM -0800, Carl Youngblood wrote: > > >> I appreciate your concerns Pete, but I don't think that >> the analogy holds. This script resides on someone's local >> computer and does not publish the user's username or >> password anywhere. > > > > based on this comment from the original post: > > "The script is set up as a web application (perl CGI). They go > to a form that is hosted on a web site." > > I assume the script is not residing on the user's computer - > rather on some external site. If this assumption is correct than > it could be a phishing attack. (For the record, I know Stacey and > am definitely not accusing him of phishing.)
Yes, the only kind of phishing I enjoy is (fly) "fishing". :) Yes, the cgi script is hosted on a simple web portal which makes it easy to support for the stake leaders that use it. Having to install on their desktop would require a lot more support but would resolve the potential problem of a "covert channel" added to the script that saves off username/passwords. Given that an almost working calendar export feature is available from the ldschurch guys I am planning to replace my script with an instruction page on how to export calendars directly. Best Regards, -stacey. _______________________________________________ Ldsoss mailing list [email protected] http://lists.ldsoss.org/mailman/listinfo/ldsoss
