[IRCServices] More suggestions

Partizanu silvius at expres.ro
Tue Mar 20 18:05:00 PST 2001 

a) Have NickServ sends a memo each time a nick is linked - inform the
nick owner that another nick was linked to his nick

b) Make an option to logging system adding switch-style on services.conf

NSLog +IPEL-RMA
R - registration
I - identification
M - manual drop
P - password change
E - email changed
L - links
A - access list add/del
Maybe the same for CSLog?

c) Have a "Last Modif by" on CS access list

And about password/email discussion:

1. Rezervation phase
/msg nickserv register mypass my at email.address
NickServ - Your nick is now reserved
NickServ - Please check my at email.address for instructions

Services sends a 'master-password' to my at email.address
Nick is now reserved, no one can register it for 24 h
Nick can't be added to access lists BUT it can be drop/forbid/suspend

2. Confirmation phase
/msg nickserv confirm <master-password>
NickServ - Your nick is now confirmed and register
----------------
What problems solve this:
a) verify if the email address if it's a valide one or not
b) verify if the email address is actually 'reachable' for the user
c) prevent users register lots of nicks in a easy way
d) make sure user really wants that nick (is not a 'one night nick') -
why wait x days for a nick to expire in this case?
e) user can't change nick's passws without the 'master-passwd' - a
safety check never hurts
f) user can't change nicks's email address without the 'master-passwd' -
a safety check never hurts
(about (e) and (f) - I don't think users change their pass and mails so
often that this procedure become a pain
- let's keep in mind that passwd and email are important identification
elements - again a little safety measure won't hurt)
g) a user can loose his password, he will always be able to change it
useing the 'master-passwd'
h) a password can be stolen, the thief can't change it
i) it's unlikely that the 'master-passwd' can be taken (this is used
only once at registration and from time to time when changeing
passwd/email) - it's not used everytime like the current nick passwd


Hope it helps somehow,
Partizanu