To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.curatorsOpen lugnet.admin.curators in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / Curators / 343
342  |  344
Subject: 
Re: A Change
Newsgroups: 
lugnet.admin.suggestions, lugnet.admin.nntp, lugnet.people, lugnet.general, lugnet.admin.curators
Followup-To: 
lugnet.admin.nntp
Date: 
Sat, 10 May 2003 19:58:37 GMT
Viewed: 
184 times
  
In lugnet.admin.suggestions, Troy Cefaratti writes:
[...]
I personally download a lot from various news servers.  They all require me
to enter password to read and post messages, except for Lugnet.  Why can't
Lugnet just require passwords for the news server like it requires passwords
for the web interface?  This would verify the user without any additional
steps such as verification.

Troy, I could be wrong but my understanding of the way NNTP authentication &
authorization works is that it's session-based rather than message-based or
function-based.

That is, I think when you require a username and password at login, when you
initiate the NNTP connection, it's an all-or-nothing thing.

Now, this could probably fall back to read-only access if you didn't provide
a username and password, but a successful login doesn't prevent someone from
forging posts in other peoples' names.

In other words, the username/password combination in the NNTP protocol
_authorizes_ but doesn't _authenticate_ for practical purposes.

However, I think there is still a glimmer of hope:  it should be possible in
theory to modify the NNTP server such that it inserts your login id into the
incoming message stream somehow when it receives a post.  This would have to
happen at the low, protocol level.  Alternatively, other methods involving
kluges might make it work too -- as long as your login id is remembered
after login and somehow associated with the content of the article you post,
then for practical purposes it has authenticated your post.

I *think* this could be made to work somehow with some hacking.

I'd like to revisit this in a month or two, after the member/user
unification, which in my mind is a prerequisite for this happening in any
sane way codewise.

--Todd

[xfut => lugnet.admin.nntp]



Message is in Reply To:
  Re: A Change
 
"Dave Johann" <legomecha@adelphia.net> wrote in message news:HEL9DL.1u1G@lugnet.com... (...) that (...) last (...) And what still turns me off from using the web interface is the inability to track which messages I have read already in a reliable (...) (22 years ago, 10-May-03, to lugnet.admin.suggestions, lugnet.admin.nntp, lugnet.people, lugnet.general, lugnet.admin.curators)

53 Messages in This Thread:






















Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR