[IRCServices Coding] SENDPASS with encryption...

Craig McLure Craig at chatspike.net
Wed Feb 4 18:18:42 PST 2004 

i'll make it a Config option.. thanks for the suggestion :)

/****************************************
 *     Craig "FrostyCoolSlug" McLure
 * InspIRCd   - http://www.inspircd.org
 * ChatSpike  - http://www.chatspike.net
 ****************************************/


/****************************************
 * From    - DeadNotBuried . <idontwantthisshit at hotmail.com>
 * To      - ircservices-coding at ircservices.za.net <ircservices-coding at ircservices.za.net>
 * Sent    - 2004-02-05 00:15:16
 * Subject - Re: Re: [IRCServices Coding] SENDPASS with encryption...
 ****************************************/

/****** - Begin Original Message - ******/

>maybe time out the auth code rather quickly, or have an option to set how 
>long they last for, eg the auth code could only be used for 2 hours after 
>being sent
>
>>
>>i was thinking, instead of setting a new password, send them some sorta 
>>auth code, which uses a command such as SENDPASSAUTH, once that command 
>>completes successfully, the user get +r, and it assumes the user is 
>>identified, so that if someone tries to use it miliciously, it wont work. 
>>the users 'old' password will still work, but as services assumes after the 
>>sendpassauth that the user is logged in, they will be able to switch to 
>>their normal nickname and do a set password
>>
>>opinions?
>>
>>/****************************************
>>  *     Craig "FrostyCoolSlug" McLure
>>  * InspIRCd   - http://www.inspircd.org
>>  * ChatSpike  - http://www.chatspike.net
>>  ****************************************/
>>
>>
>>/****************************************
>>  * From    - Martin Pels <martinpels at hotmail.com>
>>  * To      - IRC Services Coding Mailing List 
>><ircservices-coding at ircservices.za.net>
>>  * Sent    - 2004-02-04 18:08:52
>>  * Subject - Re: [IRCServices Coding] SENDPASS with encryption...
>>  ****************************************/
>>
>>/****** - Begin Original Message - ******/
>>
>> >I'm looking forward to this module. It is what kept us from switching to
>> >encrypted passwords.
>> >
>> >Here's some ideas on the abuse problem:
>> >* Only allow usage of the command from hosts that are in the nickname's
>> >accesslist
>> >* Send the nick!user at host of the user that issued the command in the 
>>E-mail
>> >(it won't prevent abuse, but at least you'll know who's been playing 
>>around)
>> >* Give a notice to services operators/admins each time the command is 
>>issued
>> >* Limit the amount of times the command can be used successively
>> >
>> >Hope this helps.
>> >
>> >Grtz,
>> >Martin
>> >
>> >----- Original Message -----
>> >From: "Craig McLure" <Craig at chatspike.net>
>> >To: "ircservices-coding" <ircservices-coding at ircservices.za.net>
>> >Sent: Wednesday, February 04, 2004 4:47 PM
>> >Subject: [IRCServices Coding] SENDPASS with encryption...
>> >
>> >
>> >> I've been working on a module that allows use of sendpass whilst using
>> >encrypted passwords (i'll contribute the source to Andy when complete for
>> >inclusion in services), it will work by changing the users password, and
>> >mailing them that.. but i cant find around other users using it 
>>miliciously
>> >to aggrovate others..
>> >>
>> >> anyone got any idea on how this can be resolved? thanks :)
>> >>
>> >> /****************************************
>> >>  *     Craig "FrostyCoolSlug" McLure
>> >>  * InspIRCd   - http://www.inspircd.org
>> >>  * ChatSpike  - http://www.chatspike.net
>> >>  ****************************************/
>> >>
>> >> ------------------------------------------------------------------
>> >> To unsubscribe or change your subscription options, visit:
>> >> http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
>> >>
>> >------------------------------------------------------------------
>> >To unsubscribe or change your subscription options, visit:
>> >http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
>> >.
>>
>>/******* - End Original Message - *******/
>>
>>
>>------------------------------------------------------------------
>>To unsubscribe or change your subscription options, visit:
>>http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
>
>_________________________________________________________________
>ninemsn Premium transforms your e-mail with colours, photos and animated 
>text. Click here  http://ninemsn.com.au/premium/landing.asp
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices-coding
>.

/******* - End Original Message - *******/