subject:"\[sage\-devel\] Re\: Notebook listing usernames"

[sage-devel] Re: Notebook listing usernames

2007-12-21 Thread Justin C. Walker

On Dec 20, 2007, at 21:58 , William Stein wrote: > > On Dec 20, 2007 10:57 PM, William Stein <[EMAIL PROTECTED]> wrote: >> On Dec 20, 2007 6:24 PM, Robert Miller <[EMAIL PROTECTED]> wrote: >>> >>> As pointed out by Michael Abshoff, it seems like an information leak >>> to list all the usernames

[sage-devel] Re: Notebook listing usernames

2007-12-21 Thread Jason Grout

Ondrej Certik wrote: > On Dec 21, 2007 9:33 AM, William Stein <[EMAIL PROTECTED]> wrote: >> On Dec 20, 2007 11:33 PM, <[EMAIL PROTECTED]> wrote: >>> That was my initial reaction, too. In a closed system, it makes sense -- >>> for the public notebook, it doesn't immediately seem like such a bad t

[sage-devel] Re: Notebook listing usernames

2007-12-21 Thread Ondrej Certik

On Dec 21, 2007 9:33 AM, William Stein <[EMAIL PROTECTED]> wrote: > > On Dec 20, 2007 11:33 PM, <[EMAIL PROTECTED]> wrote: > > > > That was my initial reaction, too. In a closed system, it makes sense -- > > for the public notebook, it doesn't immediately seem like such a bad thing, > > but it

[sage-devel] Re: Notebook listing usernames

2007-12-21 Thread William Stein

On Dec 20, 2007 11:33 PM, <[EMAIL PROTECTED]> wrote: > > That was my initial reaction, too. In a closed system, it makes sense -- > for the public notebook, it doesn't immediately seem like such a bad thing, > but it lends to a scary attack. > > Robert makes an account on the public notebook. >

[sage-devel] Re: Notebook listing usernames

2007-12-20 Thread boothby

That was my initial reaction, too. In a closed system, it makes sense -- for the public notebook, it doesn't immediately seem like such a bad thing, but it lends to a scary attack. Robert makes an account on the public notebook. Robert sees William's account on the failure page, so creates an

[sage-devel] Re: Notebook listing usernames

2007-12-20 Thread William Stein

On Dec 20, 2007 10:57 PM, William Stein <[EMAIL PROTECTED]> wrote: > On Dec 20, 2007 6:24 PM, Robert Miller <[EMAIL PROTECTED]> wrote: > > > > As pointed out by Michael Abshoff, it seems like an information leak > > to list all the usernames on a notebook when you fail to use a valid > > one to lo

[sage-devel] Re: Notebook listing usernames

2007-12-20 Thread William Stein

On Dec 20, 2007 6:24 PM, Robert Miller <[EMAIL PROTECTED]> wrote: > > As pointed out by Michael Abshoff, it seems like an information leak > to list all the usernames on a notebook when you fail to use a valid > one to log in. Thoughts? This exact question comes up about every other week. Are y

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

[sage-devel] Re: Notebook listing usernames

7 matches

Site Navigation

Mail list logo

Footer information