[IRCServices] Re: [Imran Ali Rashid - IRCServices] Suggestion

Partizanu silvius at expres.ro
Sun Mar 18 16:46:01 PST 2001


One month ago I was asking about a SENDPASS command in NickServ.
Some people from the list replyed that it is not possible to send the password
as long as the encryption is not reversible.
But Lonewolf pointed out that would be nice to make services reset the
password (/*to some rand chars*/) and send it to user.

But this is just a half of the problem. The other half is that a
password-thief will change the email address as soon as he has the password
for a nick...so any new passwords will be sent to a wrong address. This is the
reason I was talking about a parallel db read-only for regular users...
Again, the idea may sound stupid and it has a lots of "bugs" in it (eg. How
and When to sync the two databases? How to prevent that the
"only-opers-can-modify" database will never sync with Nickserv database and
overwrite the good email address with the new/fake address from NickServ's db?
When to insert a new email? Only at registration time? And what to do with
users changeing email address? etc).
It's a long story...that's why I sayd it may sound stupid...but I guess there
are others too who have this kind of problems with stolen nicks.

Partizanu



Imran Ali Rashid wrote:

> 2. Implement a sendpass command which services admins may use to
>     have services send the password to the users email address.