[IRCServices] Merging...

[Arathorn]

Andrew Church wrote:
>
> >Is there a way to force every user to set their real email adress when we
> >use the version 5 of IRC-Services after an update from version 4 ?
> >(We want to use the sendpass options and mail-auth)
> >
> >A lot of user in our network have registred their nicknames using emails
> >address like a at b.c and we want to force them to use their real address
> >email when we'll merge v4 to v5
>
>      The next release will have a command-line option,
"-clear-nick-email",
> which will clear the E-mail addresses stored with all nicknames.  More
> details will be included in docs/upgrade.html in that release.

When I upgraded to v5, a strategic temporary addition of email=0; to
modules/database/version4.c served to perform the same operation.  However,
we then found a somewhat undesired sideeffect - namely that because in v4
days, NSDefHideEmail had been commented out - old registered users migrating
onto v5 were duly forced to enter valid e-mail addresses - **which were then
visible for the whole world to see on a /msg nickserv info Nickname.**

This was obviously a huge security issue, given that users were already iffy
about having to submit valid e-mail addresses in the first place - and thus
the fact that their private addies were now available to anyone and everyone
was not well received, both from a spam and anonymity point of view.  And so
I fixed it by adding an equally strategic temporary ngi->flags |=
NF_HIDE_EMAIL; to modules/database/version4.c, and restarted the migration
process.

Should this scenario also be handled somewhere in Services, if nothing else
to prevent users from blaming this potential lack of privacy on Services
rather than the shortsightedness of an admin (such as I) who failed to set
NSDefHideEmail when first configuring Services years ago?

A.

________________________________________________________________
Matthew Hodgson   arathorn at theonering.net   Tel: +44 7968 722968
             Arathorn: Co-Sysadmin, TheOneRing.net®