[IRCServices] Check password without IDENTIFY

[Mark van Cuijk]

Hi,

> Well in this case it is - hm - not good ;)
> In fact I get only one terribly awful kind-of-work-around procedure in 
> mind: let your bot try to identify himself with the given password on 
> the given nick/chan - if services reply positive - the pass might be 
> the correct one.

The problem with this of course is that the bot must first take the 
nickname of that user and that would be a problem if that user is 
already online in the network.

> But this one is NOT really elegant and I would consider it a 
> high-security-risk and identifying for foreign nicks/chans is in my 
> opinion abusive...

When this is only possible for Services Admins, it would be that a risk 
(assuming the bot itself is secure enough that no harmfull commands 
could leak through).

> is it too complicate for users to learn some simple commands or to 
> read the help for getting commands they want?

I agree with you when you say this, including some of the people that 
are interested in computers and so, but I also host three game channels 
with total n00bs (sorry to express it this way) and since that's the 
largest group of all the users, they are my target. I want to make the 
page explain itself, with help text next to each field.

Anyway, we agreed on unsetting password encryption and therefore forcing 
everybody to set the password again.
When I have some things working, I'll send a notification message so 
people how are interested could take a look at it.

- Mark