RELEASE -> !RELEASE

[irc.git] / software / !RELEASES / ircservices / achurch.org / services / lists / ircservices-coding / 2004 / 002885.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [IRCServices Coding] SENDPASS with encryption...
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20SENDPASS%20with%20encryption...&In-Reply-To=">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002884.html">
   <LINK REL="Next"  HREF="002886.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[IRCServices Coding] SENDPASS with encryption...</H1>
    <B>Craig McLure</B> 
    <A HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20SENDPASS%20with%20encryption...&In-Reply-To="
       TITLE="[IRCServices Coding] SENDPASS with encryption...">Craig at chatspike.net
       </A><BR>
    <I>Wed Feb  4 17:42:00 PST 2004</I>
    <P><UL>
        <LI>Previous message: <A HREF="002884.html">[IRCServices Coding] SENDPASS with encryption...
</A></li>
        <LI>Next message: <A HREF="002886.html">[IRCServices Coding] SENDPASS with encryption...
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2885">[ date ]</a>
              <a href="thread.html#2885">[ thread ]</a>
              <a href="subject.html#2885">[ subject ]</a>
              <a href="author.html#2885">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>so something like..

/ns sendpass Craig

&quot;You have recieved this e-mail because X!<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">Y at Z</A> has requesed a sendpass on your nickname, if this is you, your password will be changed
by performing the following command on IRC: /ns setpass Craig &lt;AUTHCODE&gt; &lt;NEWPASS&gt;

If you did not request the sendpass, your current password will remain in tact, and you can dis-regard this e-mail&quot;

Then if needed on IRC..

/ns setpass Craig &lt;AUTHCODE&gt; &lt;NEWPASS&gt;

This means if someone attempted to miliciously use the command, the users 'current' password would still work, and its of no inconvieniance. 

/****************************************
 *     Craig &quot;FrostyCoolSlug&quot; McLure
 * InspIRCd   - <A HREF="http://www.inspircd.org">http://www.inspircd.org</A>
 * ChatSpike  - <A HREF="http://www.chatspike.net">http://www.chatspike.net</A>
 ****************************************/


/****************************************
 * From    - Aragon Gouveia &lt;<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">aragon at phat.za.net</A>&gt;
 * To      - IRC Services Coding Mailing List &lt;<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">ircservices-coding at ircservices.za.net</A>&gt;
 * Sent    - 2004-02-04 21:08:25
 * Subject - Re: [IRCServices Coding] SENDPASS with encryption...
 ****************************************/

/****** - Begin Original Message - ******/

&gt;<i>Or why not just email some kind of random unique cookie which is then msg'd
</I>&gt;<i>to nickserv to reset and obtain the new password.  Kinda like the auth
</I>&gt;<i>system for authorising new registrations...
</I>&gt;<i>
</I>&gt;<i>That'll also take care of the insecure nature of emailing passwords.  More
</I>&gt;<i>and more ircds are supporting ssl client connections.  Getting the new
</I>&gt;<i>password over irc is favourable in that regard.
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i>Regards,
</I>&gt;<i>Aragon
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;|<i> By Martin Pels &lt;<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">martinpels at hotmail.com</A>&gt;
</I>&gt;|<i>                                          [ 2004-02-04 22:54 +0200 ]
</I>&gt;&gt;<i> I'm looking forward to this module. It is what kept us from switching to
</I>&gt;&gt;<i> encrypted passwords.
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> Here's some ideas on the abuse problem:
</I>&gt;&gt;<i> * Only allow usage of the command from hosts that are in the nickname's
</I>&gt;&gt;<i> accesslist
</I>&gt;&gt;<i> * Send the nick!<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">user at host</A> of the user that issued the command in the E-mail
</I>&gt;&gt;<i> (it won't prevent abuse, but at least you'll know who's been playing around)
</I>&gt;&gt;<i> * Give a notice to services operators/admins each time the command is issued
</I>&gt;&gt;<i> * Limit the amount of times the command can be used successively
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> Hope this helps.
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> Grtz,
</I>&gt;&gt;<i> Martin
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> ----- Original Message -----
</I>&gt;&gt;<i> From: &quot;Craig McLure&quot; &lt;<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">Craig at chatspike.net</A>&gt;
</I>&gt;&gt;<i> To: &quot;ircservices-coding&quot; &lt;<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">ircservices-coding at ircservices.za.net</A>&gt;
</I>&gt;&gt;<i> Sent: Wednesday, February 04, 2004 4:47 PM
</I>&gt;&gt;<i> Subject: [IRCServices Coding] SENDPASS with encryption...
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> 
</I>&gt;&gt;<i> &gt; I've been working on a module that allows use of sendpass whilst using
</I>&gt;&gt;<i> encrypted passwords (i'll contribute the source to Andy when complete for
</I>&gt;&gt;<i> inclusion in services), it will work by changing the users password, and
</I>&gt;&gt;<i> mailing them that.. but i cant find around other users using it miliciously
</I>&gt;&gt;<i> to aggrovate others..
</I>&gt;&gt;<i> &gt;
</I>&gt;&gt;<i> &gt; anyone got any idea on how this can be resolved? thanks :)
</I>&gt;&gt;<i> &gt;
</I>&gt;&gt;<i> &gt; /****************************************
</I>&gt;&gt;<i> &gt;  *     Craig &quot;FrostyCoolSlug&quot; McLure
</I>&gt;&gt;<i> &gt;  * InspIRCd   - <A HREF="http://www.inspircd.org">http://www.inspircd.org</A>
</I>&gt;&gt;<i> &gt;  * ChatSpike  - <A HREF="http://www.chatspike.net">http://www.chatspike.net</A>
</I>&gt;&gt;<i> &gt;  ****************************************/
</I>&gt;&gt;<i> &gt;
</I>&gt;&gt;<i> &gt; ------------------------------------------------------------------
</I>&gt;&gt;<i> &gt; To unsubscribe or change your subscription options, visit:
</I>&gt;&gt;<i> &gt; <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">http://www.ircservices.za.net/mailman/listinfo/ircservices-coding</A>
</I>&gt;&gt;<i> &gt;
</I>&gt;&gt;<i> ------------------------------------------------------------------
</I>&gt;&gt;<i> To unsubscribe or change your subscription options, visit:
</I>&gt;&gt;<i> <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">http://www.ircservices.za.net/mailman/listinfo/ircservices-coding</A>
</I>&gt;<i>------------------------------------------------------------------
</I>&gt;<i>To unsubscribe or change your subscription options, visit:
</I>&gt;<i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">http://www.ircservices.za.net/mailman/listinfo/ircservices-coding</A>
</I>&gt;<i>.
</I>
/******* - End Original Message - *******/



</PRE>

<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
        <LI>Previous message: <A HREF="002884.html">[IRCServices Coding] SENDPASS with encryption...
</A></li>
        <LI>Next message: <A HREF="002886.html">[IRCServices Coding] SENDPASS with encryption...
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2885">[ date ]</a>
              <a href="thread.html#2885">[ thread ]</a>
              <a href="subject.html#2885">[ subject ]</a>
              <a href="author.html#2885">[ author ]</a>
         </LI>
       </UL>

</body></html>