[IRCServices Coding] SENDPASS with encryption...
Craig McLure
Craig at chatspike.net
Wed Feb 4 17:42:00 PST 2004
so something like..
/ns sendpass Craig
"You have received this e-mail because X!Y at Z has requested a sendpass on your nickname. If this is you, your password will be changed
by performing the following command on IRC: /ns setpass Craig <AUTHCODE> <NEWPASS>
If you did not request the sendpass, your current password will remain intact, and you can disregard this e-mail"
Then if needed on IRC..
/ns setpass Craig <AUTHCODE> <NEWPASS>
This means if someone attempted to maliciously use the command, the user's 'current' password would still work, and it's of no inconvenience.
/****************************************
* Craig "FrostyCoolSlug" McLure
* InspIRCd - http://www.inspircd.org
* ChatSpike - http://www.chatspike.net
****************************************/
/****************************************
* From - Aragon Gouveia <aragon at phat.za.net>
* To - IRC Services Coding Mailing List <ircservices-coding at ircservices.za.net>
* Sent - 2004-02-04 21:08:25
* Subject - Re: [IRCServices Coding] SENDPASS with encryption...
****************************************/
/****** - Begin Original Message - ******/
>Or why not just email some kind of random unique cookie which is then msg'd
>to nickserv to reset and obtain the new password. Kinda like the auth
>system for authorising new registrations...
>
>That'll also take care of the insecure nature of emailing passwords. More
>and more ircds are supporting ssl client connections. Getting the new
>password over irc is favourable in that regard.
>
>
>Regards,
>Aragon
>
>
>| By Martin Pels <martinpels at hotmail.com>
>| [ 2004-02-04 22:54 +0200 ]
>> I'm looking forward to this module. It is what kept us from switching to
>> encrypted passwords.
>>
>> Here's some ideas on the abuse problem:
>> * Only allow usage of the command from hosts that are in the nickname's
>> accesslist
>> * Send the nick!user at host of the user that issued the command in the E-mail
>> (it won't prevent abuse, but at least you'll know who's been playing around)
>> * Give a notice to services operators/admins each time the command is issued
>> * Limit the amount of times the command can be used successively
>>
>> Hope this helps.
>>
>> Grtz,
>> Martin
>>
>> ----- Original Message -----
>> From: "Craig McLure" <Craig at chatspike.net>
>> To: "ircservices-coding" <ircservices-coding at ircservices.za.net>
>> Sent: Wednesday, February 04, 2004 4:47 PM
>> Subject: [IRCServices Coding] SENDPASS with encryption...
>>
>>
>> > I've been working on a module that allows use of sendpass whilst using
>> > encrypted passwords (I'll contribute the source to Andy when complete for
>> > inclusion in services), it will work by changing the user's password, and
>> > mailing them that.. but I can't find around other users using it maliciously
>> > to aggravate others..
>> >
>> > anyone got any idea on how this can be resolved? thanks :)
>> >
>> > /****************************************
>> > * Craig "FrostyCoolSlug" McLure
>> > * InspIRCd - http://www.inspircd.org
>> > * ChatSpike - http://www.chatspike.net
>> > ****************************************/
>> >
>> > ------------------------------------------------------------------
>> > To unsubscribe or change your subscription options, visit:
>> > http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
>> >
/******* - End Original Message - *******/
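
The flow proposed in this message (SENDPASS mails an auth code, SETPASS consumes it, and the current password keeps working until then), combined with the quoted suggestion to limit successive use, as an added Python sketch that is not part of the original thread or of IRC Services. `NickRecord`, the function names, the one-hour expiry, the five-minute interval and the SHA-256 stand-in for the stored encrypted password are assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 3600       # assumed: an auth code is valid for one hour
SEND_INTERVAL = 300   # assumed: minimum seconds between SENDPASS requests per nick

def _hash(text):
    # Stand-in for the services' password encryption (assumption). Plain
    # SHA-256 is adequate for a 128-bit random code; a real password store
    # would use a salted, slow hash.
    return hashlib.sha256(text.encode()).digest()

class NickRecord:
    """Hypothetical registered-nickname record."""
    def __init__(self, password):
        self.pass_hash = _hash(password)
        self.code_hash = None     # hash of the pending auth code, if any
        self.code_expiry = 0.0
        self.last_send = None

def sendpass(rec, requester, now=None):
    """Issue an auth code; the current password is not touched."""
    now = time.time() if now is None else now
    if rec.last_send is not None and now - rec.last_send < SEND_INTERVAL:
        return None               # successive requests are refused
    code = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    rec.code_hash, rec.code_expiry, rec.last_send = _hash(code), now + CODE_TTL, now
    mail = (f"{requester} has requested a sendpass on your nickname. "
            f"To change your password: /ns setpass <nick> {code} <NEWPASS>")
    return code, mail             # only the hash of the code stays on the server

def setpass(rec, code, newpass, now=None):
    """Change the password only for a matching, unexpired, unused code."""
    now = time.time() if now is None else now
    if rec.code_hash is None or now > rec.code_expiry:
        return False
    if not hmac.compare_digest(rec.code_hash, _hash(code)):  # constant-time compare
        return False
    rec.pass_hash = _hash(newpass)
    rec.code_hash = None          # single use
    return True

def identify(rec, password):
    return hmac.compare_digest(rec.pass_hash, _hash(password))
```
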