On Fri, Feb 04, 2005 at 02:40:09AM +0200, Gabor Szabo wrote: > On Wed, 2 Feb 2005, Nicholas Clark wrote: > > >The same hack as rt.cpan.org uses - attempt a login on pause.cpan.org > >using the ID and password provided. If PAUSE accepts it, then you know > >it's the real thing. > > That would mean my server if cracked could be used to collect PAUSE > passwords. I am not sure I'd like to have that responsibility.
No, because you don't keep passwords. You do the auth back to PAUSE as you need it, and then merely record in your site's state that you did it. Nicholas Clark
