[IRCServices Coding] SENDPASS with encryption...
DeadNotBuried .
idontwantthisshit at hotmail.com
Wed Feb 4 16:15:16 PST 2004
maybe time out the auth code rather quickly, or have an option to set how
long they last for, eg the auth code could only be used for 2 hours after
being sent
>
>i was thinking, instead of setting a new password, send them some sorta
>auth code, which uses a command such as SENDPASSAUTH, once that command
>completes successfully, the user get +r, and it assumes the user is
>identified, so that if someone tries to use it miliciously, it wont work.
>the users 'old' password will still work, but as services assumes after the
>sendpassauth that the user is logged in, they will be able to switch to
>their normal nickname and do a set password
>
>opinions?
>
>/****************************************
> * Craig "FrostyCoolSlug" McLure
> * InspIRCd - http://www.inspircd.org
> * ChatSpike - http://www.chatspike.net
> ****************************************/
>
>
>/****************************************
> * From - Martin Pels <martinpels at hotmail.com>
> * To - IRC Services Coding Mailing List
><ircservices-coding at ircservices.za.net>
> * Sent - 2004-02-04 18:08:52
> * Subject - Re: [IRCServices Coding] SENDPASS with encryption...
> ****************************************/
>
>/****** - Begin Original Message - ******/
>
> >I'm looking forward to this module. It is what kept us from switching to
> >encrypted passwords.
> >
> >Here's some ideas on the abuse problem:
> >* Only allow usage of the command from hosts that are in the nickname's
> >accesslist
> >* Send the nick!user at host of the user that issued the command in the
>E-mail
> >(it won't prevent abuse, but at least you'll know who's been playing
>around)
> >* Give a notice to services operators/admins each time the command is
>issued
> >* Limit the amount of times the command can be used successively
> >
> >Hope this helps.
> >
> >Grtz,
> >Martin
> >
> >----- Original Message -----
> >From: "Craig McLure" <Craig at chatspike.net>
> >To: "ircservices-coding" <ircservices-coding at ircservices.za.net>
> >Sent: Wednesday, February 04, 2004 4:47 PM
> >Subject: [IRCServices Coding] SENDPASS with encryption...
> >
> >
> >> I've been working on a module that allows use of sendpass whilst using
> >encrypted passwords (i'll contribute the source to Andy when complete for
> >inclusion in services), it will work by changing the users password, and
> >mailing them that.. but i cant find around other users using it
>miliciously
> >to aggrovate others..
> >>
> >> anyone got any idea on how this can be resolved? thanks :)
> >>
> >> /****************************************
> >> * Craig "FrostyCoolSlug" McLure
> >> * InspIRCd - http://www.inspircd.org
> >> * ChatSpike - http://www.chatspike.net
> >> ****************************************/
> >>
> >> ------------------------------------------------------------------
> >> To unsubscribe or change your subscription options, visit:
> >> http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
> >>
> >------------------------------------------------------------------
> >To unsubscribe or change your subscription options, visit:
> >http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
> >.
>
>/******* - End Original Message - *******/
>
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
_________________________________________________________________
ninemsn Premium transforms your e-mail with colours, photos and animated
text. Click here http://ninemsn.com.au/premium/landing.asp