1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2//EN">
4 <TITLE> AW: [IRCServices Coding] A few things...
6 <LINK REL=
"Index" HREF=
"index.html" >
7 <LINK REL=
"made" HREF=
"mailto:ircservices-coding%40ircservices.za.net?Subject=AW%3A%20%5BIRCServices%20Coding%5D%20A%20few%20things...&In-Reply-To=000201c26094%24c6ca53d0%24a2a90d81%40mib.teco.edu">
8 <META NAME=
"robots" CONTENT=
"index,nofollow">
9 <META http-equiv=
"Content-Type" content=
"text/html; charset=us-ascii">
10 <LINK REL=
"Previous" HREF=
"001474.html">
11 <LINK REL=
"Next" HREF=
"001484.html">
13 <BODY BGCOLOR=
"#ffffff">
14 <H1>AW: [IRCServices Coding] A few things...
</H1>
15 <B>Panagiotis Kefalidis
</B>
16 <A HREF=
"mailto:ircservices-coding%40ircservices.za.net?Subject=AW%3A%20%5BIRCServices%20Coding%5D%20A%20few%20things...&In-Reply-To=000201c26094%24c6ca53d0%24a2a90d81%40mib.teco.edu"
17 TITLE=
"AW: [IRCServices Coding] A few things...">pkef at hnioxos.ee.auth.gr
19 <I>Fri Sep
20 04:
50:
54 PDT
2002</I>
21 <LI>Previous message:
<A HREF=
"001474.html">AW: [IRCServices Coding] A few things...
23 <LI>Next message:
<A HREF=
"001484.html">[IRCServices Coding] A few things...
25 <LI> <B>Messages sorted by:
</B>
26 <a href=
"date.html#1476">[ date ]
</a>
27 <a href=
"thread.html#1476">[ thread ]
</a>
28 <a href=
"subject.html#1476">[ subject ]
</a>
29 <a href=
"author.html#1476">[ author ]
</a>
35 On Fri,
20 Sep
2002, Yusuf Iskenderoglu wrote:
41 </I>><i> >> How will you ensure that the email is correct ? If it is not
42 </I>><i> >> Authenticated ? Users could have set
<A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">a at b.c.de
</A> as email.
43 </I>><i> >I think we don't care about the email they've set.To set a
44 </I>><i> >valid mail is for their own good in case they forget their
45 </I>><i> >password.I believe just a notice while running the register
46 </I>><i> >proccess,about setting a valid email,is enough. (:
48 </I>><i> It looks as if you have never run sendmail. And have never had
49 </I>><i> To kill
500 sendmail processes trying to time out due to wrong
50 </I>><i> Email addresses, when attackers think they are cleverer.
51 </I>I did,but to be honest,i'ven't thought about that(attackers).We can add a
52 limit to the SENDPASS command to prevent attackers doing this.I mean, in case
53 there is an email set,adding a limit to the user preventing him to use
54 the SENDPASS more than
1 time per hour or sth like that, would be
55 nice/enough to prevent abuse.
57 Whatever i've written above is not what i believe as being right.
58 My personal opinion is that the most safe way is FIRST authenticate
59 the email and then anything else.That's to prevent abuse from attackers
60 or any other kind of attack to services or the machine running them
61 itself,as yusuf mentioned in his reply.
64 ><i> Please do consider that there are users without root-rights
65 </I>><i> Who also run services, and they cannot modify sendmail settings.
68 ><i> As of this, a new command a la DENYMAIL add|del|list to prevent
69 </I>><i> Certain email addresses from being used at registration processes
70 </I>><i> Would moreover be fine.
85 <LI>Previous message:
<A HREF=
"001474.html">AW: [IRCServices Coding] A few things...
87 <LI>Next message:
<A HREF=
"001484.html">[IRCServices Coding] A few things...
89 <LI> <B>Messages sorted by:
</B>
90 <a href=
"date.html#1476">[ date ]
</a>
91 <a href=
"thread.html#1476">[ thread ]
</a>
92 <a href=
"subject.html#1476">[ subject ]
</a>
93 <a href=
"author.html#1476">[ author ]
</a>
projects / irc.git / blob