|
 | | Re: E-mail authentication during posting
|
| (...) Todd, I know you didn't ask for suggestions and probably don't want any, but I'm going to throw one out anyway. Would it be possible to concatenate the confirmation messages for a given time-period into one message? It would remove the instant (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|  
mail
(score: 0.293)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) My idea was provide a link to a place where I can more easily confirm a bunch of messages, perhaps on my login screen or something. In any case, you would only be able to get to the pending messages for the user your browser is logged into. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) Wouldn't that allow a determined spoofer to wait till it was obvious that someone known to be a member was logged in (say if he saw a flurry of posts from you in .pirate within a few min of each other) and then spoof as you, at least as long (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) Wouldn't that allow a determined spoofer to wait till it was obvious that someone known to be a member was logged in (say if he saw a flurry of posts from you in .pirate within a few min of each other) and then spoof as you, at least as long (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) A followup thought to this - provide a "confirm my posts" link to the web interface when you are logged on. This would allow use of NNTP to post (I much prefer it due to a variety of interface issues, including size of the area to type the (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| Hi Todd, I understand the reasons for doing this, but unfortunately, I used a newsreader to check LUGNet. Now if I want to post, I'll have to go to my browser, look up the newsgroup, find the message I want to respond to, and then post. Needless to (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| Well, I understand the problem, but also see another one with this. For people personally paying for their bandwith it will just be even more expensive. I tested only one message now, but how about checking several messages at once? Or a better (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp, lugnet.general)
| |
|
mail
(score: 0.292)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| "Kerry Raymond" <kerry@dstc.edu.au> wrote in message news:GF5uAo.5x1@lugnet.com... (...) in (...) That's quite a neat idea, but as you say prone to risk of revealing the password. I still think that using NNTP authentication will work, esp. if it (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) It's already been proven that revoking priviledges doesn't work. Whatever fix is put in needs to address the problem as much as possible before it gets to the revokation point, IMHO. Sure you can revoke an ID/password but what is to stop them (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) Do we have to worry that much about that? I think the primary concern is to have a reasonable way to block posting by unauthorized folks. If you abuse your priviledges, your NNTP ID/password would be revoked. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| First of all, thanks for putting in a quick fix. This should defenitly work, now we just need to figure out a way to make it easier :) In lugnet.admin.nntp, Horst Lehner writes: \>Also, PGP encryption could potentially be used to offer a totally (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) Todd, I just wanted to thank you publicly for doing this. I know its not perfect but I personally would rather live with a little inconvenience then have to deal with people stealing identities. Fortunately for me I am a member that uses the (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) I was wondering about that, but how do you avoid things like bad vacation programs or other auto-responders, or people who just hit Reply and scream back some curses? :) I suppose it could work if you had to reply AND put, say, an 'x' into a (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
|
| |
|
mail
(score: 0.292)
|
|
| | Re: E-mail authentication during posting
|
| (...) As far as I'm aware, zero. NNTP doesn't do authentication -- it does authorization. That is, if you're authorized to post to the server (after giving your username/password), you can still forge messages in anyone's name. Some server hacks (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
| |
|
mail
(score: 0.292)
|
