1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2//EN">
4 <TITLE> [IRCServices] Suggestion
6 <LINK REL=
"Index" HREF=
"index.html" >
7 <LINK REL=
"made" HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Suggestion&In-Reply-To=">
8 <META NAME=
"robots" CONTENT=
"index,nofollow">
9 <META http-equiv=
"Content-Type" content=
"text/html; charset=us-ascii">
10 <LINK REL=
"Previous" HREF=
"001631.html">
11 <LINK REL=
"Next" HREF=
"001656.html">
13 <BODY BGCOLOR=
"#ffffff">
14 <H1>[IRCServices] Suggestion
</H1>
16 <A HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Suggestion&In-Reply-To="
17 TITLE=
"[IRCServices] Suggestion">achurch at achurch.org
19 <I>Mon Mar
19 00:
27:
01 PST
2001</I>
21 <LI>Previous message:
<A HREF=
"001631.html">[IRCServices] Suggestion
23 <LI>Next message:
<A HREF=
"001656.html">[IRCServices] Suggestion
25 <LI> <B>Messages sorted by:
</B>
26 <a href=
"date.html#1634">[ date ]
</a>
27 <a href=
"thread.html#1634">[ thread ]
</a>
28 <a href=
"subject.html#1634">[ subject ]
</a>
29 <a href=
"author.html#1634">[ author ]
</a>
34 <PRE>>><i> Since users having their passwords taken almost certainly means they
35 </I>>><i> chose an easy-to-guess password, the right solution is to educate the
36 </I>>><i> users. I don't see why Services should have to run through hoops to try
37 </I>>><i> and solve this problem. (Of course, if your server is being
38 </I>>><i> packet-sniffed, then you have other problems altogether.)
40 </I>><i>This is correct, but you also have to see, that passwords are
"guessed
"
41 </I>><i>via scripts, which use sockets (mirc has socket events e.g.) And start a
42 </I>><i>good amount of connects, each with
3 nick password guesses, sure it takes
43 </I>><i>time on good passwords, but sometimes users simply cannot stop themselves
44 </I>><i>from setting the cellular phone number as their password, su suddenly it
45 </I>><i>gets limited to numbers only etc, etc.
47 Hm, that's a good point. Looks like I need a better way to detect
50 ><i>Each time a nickname is registered, a nick gets an authentication code, a
51 </I>><i>la dalnet, which cannot be changed, and which is not shown. Thi code is
52 </I>><i>emailed to the address given with the register command. After that, the
53 </I>><i>person has to issue /nickserv AUTH
<code
> within some services.conf days,
54 </I>><i>or the registration will expire. If people claim to have lost their
55 </I>><i>passwords, but can prove that they have the authentication code, because
56 </I>><i>it was emailed to them, a services oper can issue /nickserv GETAUTH nick,
57 </I>><i>and check the real authentication code against the given, if they match,
58 </I>><i>it is highly possible that the person is the real owner, so
59 </I>><i>sendpass/getpass can be issued.
61 While this is a good idea if you want to ensure accountability of your
62 users, I don't see how it solves the problem of E-mail addresses being
63 changed after registration. On the other hand, if this is applied to SET
64 EMAIL as well, you can avoid that problem; but then you have to deal with
65 people who can't use their old address and distinguishing them from
66 crackers who guessed the password and want to steal the nick.
69 <A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org
</A> | New address - please note.
70 <A HREF=
"http://achurch.org/">http://achurch.org/
</A> |
メールアドレスが変わりました。
79 <LI>Previous message:
<A HREF=
"001631.html">[IRCServices] Suggestion
81 <LI>Next message:
<A HREF=
"001656.html">[IRCServices] Suggestion
83 <LI> <B>Messages sorted by:
</B>
84 <a href=
"date.html#1634">[ date ]
</a>
85 <a href=
"thread.html#1634">[ thread ]
</a>
86 <a href=
"subject.html#1634">[ subject ]
</a>
87 <a href=
"author.html#1634">[ author ]
</a>
projects / irc.git / blob