On 6/18/05, Roelof Otten <[EMAIL PROTECTED]> wrote:

> AY> On top of all this I have noticed one regrettable security lapse in
> AY> OTFE. When uninstalling TB via the Control Panel, no password is
> AY> required. In other words, anyone could conceivably come along and
> AY> uninstall TB and wipe out the working directories, presumably
> AY> including all of your message base... although for some puzzling
> AY> reason the uninstall pattern seemed to leave my mail directories
> AY> behind.
> 
> When somebody has access to uninstall TB, he also has access to
> deleting your message base. I guess OTFE doesn't mean that your data
> is better protected against loss (see Krystov's message
> mid:[EMAIL PROTECTED])
> But that it's only protected against prying eyes.

Right. But my point was simple. With OTFE, one needs a password or
some other ID just to open TB. So why not include that requirement in
the OTFE uninstall procedure? To my thinking, that only makes sense.
And I know it is quite doable. That is why I described this as a lapse
in the OTFE implementation. And the fact that the uninstall script
indicates that it will be removing data files and then does not do
that seems to be a bug or misdirection in the uninstall script.

-- 
Avi Yashar
Windows XP Pro SP2 and The Bat! Pro (No OTFE) 3.5.28

________________________________________________________
 Current beta is 3.5.28 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first -
http://www.ritlabs.com/en/partners/testers/
