--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> AW: [IRCServices Coding] A few things...
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=AW%3A%20%5BIRCServices%20Coding%5D%20A%20few%20things...&In-Reply-To=000201c26094%24c6ca53d0%24a2a90d81%40mib.teco.edu">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="001474.html">
+ <LINK REL="Next" HREF="001484.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>AW: [IRCServices Coding] A few things...</H1>
+ <B>Panagiotis Kefalidis</B>
+ <A HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=AW%3A%20%5BIRCServices%20Coding%5D%20A%20few%20things...&In-Reply-To=000201c26094%24c6ca53d0%24a2a90d81%40mib.teco.edu"
+ TITLE="AW: [IRCServices Coding] A few things...">pkef at hnioxos.ee.auth.gr
+ </A><BR>
+ <I>Fri Sep 20 04:50:54 PDT 2002</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="001474.html">AW: [IRCServices Coding] A few things...
+</A></li>
+ <LI>Next message: <A HREF="001484.html">[IRCServices Coding] A few things...
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#1476">[ date ]</a>
+ <a href="thread.html#1476">[ thread ]</a>
+ <a href="subject.html#1476">[ subject ]</a>
+ <a href="author.html#1476">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>
+On Fri, 20 Sep 2002, Yusuf Iskenderoglu wrote:
+
+><i>
+</I>><i>
+</I>><i> Hello;
+</I>><i>
+</I>><i> >> How will you ensure that the email is correct ? If it is not
+</I>><i> >> Authenticated ? Users could have set <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">a at b.c.de</A> as email.
+</I>><i> >I think we don't care about the email they've set.To set a
+</I>><i> >valid mail is for their own good in case they forget their
+</I>><i> >password.I believe just a notice while running the register
+</I>><i> >proccess,about setting a valid email,is enough. (:
+</I>><i>
+</I>><i> It looks as if you have never run sendmail. And have never had
+</I>><i> To kill 500 sendmail processes trying to time out due to wrong
+</I>><i> Email addresses, when attackers think they are cleverer.
+</I>I did,but to be honest,i'ven't thought about that(attackers).We can add a
+limit to the SENDPASS command to prevent attackers doing this.I mean, in case
+there is an email set,adding a limit to the user preventing him to use
+the SENDPASS more than 1 time per hour or sth like that, would be
+nice/enough to prevent abuse.
+
+Whatever i've written above is not what i believe as being right.
+My personal opinion is that the most safe way is FIRST authenticate
+the email and then anything else.That's to prevent abuse from attackers
+or any other kind of attack to services or the machine running them
+itself,as yusuf mentioned in his reply.
+
+
+><i> Please do consider that there are users without root-rights
+</I>><i> Who also run services, and they cannot modify sendmail settings.
+</I>><i>
+</I>That's true. :|
+><i> As of this, a new command a la DENYMAIL add|del|list to prevent
+</I>><i> Certain email addresses from being used at registration processes
+</I>><i> Would moreover be fine.
+</I>><i>
+</I>><i> SCNR.
+</I>><i> Yusuf
+</I>><i>
+</I>Regards,
+Gizm0.-
+
+
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="001474.html">AW: [IRCServices Coding] A few things...
+</A></li>
+ <LI>Next message: <A HREF="001484.html">[IRCServices Coding] A few things...
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#1476">[ date ]</a>
+ <a href="thread.html#1476">[ thread ]</a>
+ <a href="subject.html#1476">[ subject ]</a>
+ <a href="author.html#1476">[ author ]</a>
+ </LI>
+ </UL>
+
+</body></html>
projects / irc.git / blobdiff