[IRCServices Coding] SENDPASS with encryption...

Aragon Gouveia aragon at phat.za.net
Wed Feb 4 13:08:25 PST 2004


Or why not just email some kind of random unique cookie which is then msg'd
to nickserv to reset and obtain the new password.  Kinda like the auth
system for authorising new registrations...

That'll also take care of the insecure nature of emailing passwords.  More
and more ircds are supporting ssl client connections.  Getting the new
password over irc is favourable in that regard.


Regards,
Aragon


| By Martin Pels <martinpels at hotmail.com>
|                                          [ 2004-02-04 22:54 +0200 ]
> I'm looking forward to this module. It is what kept us from switching to
> encrypted passwords.
> 
> Here's some ideas on the abuse problem:
> * Only allow usage of the command from hosts that are in the nickname's
> accesslist
> * Send the nick!user at host of the user that issued the command in the E-mail
> (it won't prevent abuse, but at least you'll know who's been playing around)
> * Give a notice to services operators/admins each time the command is issued
> * Limit the amount of times the command can be used successively
> 
> Hope this helps.
> 
> Grtz,
> Martin
> 
> ----- Original Message -----
> From: "Craig McLure" <Craig at chatspike.net>
> To: "ircservices-coding" <ircservices-coding at ircservices.za.net>
> Sent: Wednesday, February 04, 2004 4:47 PM
> Subject: [IRCServices Coding] SENDPASS with encryption...
> 
> 
> > I've been working on a module that allows use of sendpass whilst using
> encrypted passwords (i'll contribute the source to Andy when complete for
> inclusion in services), it will work by changing the users password, and
> mailing them that.. but i cant find around other users using it miliciously
> to aggrovate others..
> >
> > anyone got any idea on how this can be resolved? thanks :)
> >
> > /****************************************
> >  *     Craig "FrostyCoolSlug" McLure
> >  * InspIRCd   - http://www.inspircd.org
> >  * ChatSpike  - http://www.chatspike.net
> >  ****************************************/
> >
> > ------------------------------------------------------------------
> > To unsubscribe or change your subscription options, visit:
> > http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
> >
> ------------------------------------------------------------------
> To unsubscribe or change your subscription options, visit:
> http://www.ircservices.za.net/mailman/listinfo/ircservices-coding