Hello Fritz, When viewing the ASSP admin pages, the 'Admin Password' is filled in with the actual admin password. The password is therefore visible via both a 'view source' and when network tracing.
Using SSL doesn't solve the issue of a simple 'view source' exposing the password in the event I leave the web page open when my machine is unattended. Some obvious solutions are: 1) Send a blank password with the web page, and if it comes back filled in, then use the new password. This should work since a blank password is unacceptable. 3) Separate the password administration into a separate web page, which prompts for the existing and new password (with confirmation). There is a chance this is in-place as part of the new gui, which I look forward to. Speaking of the WEB interface, I manage one particular customer using a commercial product, and one of the strength it that I get an email report of all SPAM (with subject lines, From/to) with embedded links to have the spam released/whitelisted and the message forwarded to the intended recipient. There is also a 'user' web interface, which allows users to view mail blocked for them, and to release their own mail as well as adding addresses to personal white-lists and black-lists. Are any of these features a possiblility for Assp? Regards David ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
