> With elog it is possible to submit messages to a password protected
> logbook without specifying the -u option.  I.e. NO PASSWORD is
> necessary to submit a message.  I assume it is related to the problem
> of expiring password-cookies while entering the message using a web
> browser.

Indeed this problem is related to the expiring password cookies. As a 
reminder: For the submission of a new entry, the password is checked when one 
presses the "New" button, but NOT for the "submit". This is because a 
password can expire between the "New" and the "Submit", so a entered message 
could not be sent. The question is now what to do with the standalone "elog".

Right now, elog does a normal submission where the password is not checked, 
which is maybe not what one wants. But what to do? If elog sends a special 
flag "please do check password on submit", someone could analyze the source 
code, remove the flag from elog and then still submit messages without a 
password. If I put an additional flag to the web browser submission "please 
do not check the password since the cookie might have been expired", someone 
can add this flag into elog and still bypass the password checking.

Anothe thing which bothers me is if you specify the password explicitly on 
the command line of elog, it's visible in some scripts etc, which yould be a 
security issue as well.

Any ideas?