Subject:
|
Re: Enhanced verification (was: Re: What the F.......)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Tue, 14 Dec 1999 20:07:01 GMT
|
Viewed:
|
150 times
|
| |
|
|
In lugnet.admin.general, Eric Kingsley writes:
> I like this idea although I don't understand how it would help in terms
> of the issue we are currently discussing.
It would allow Brad to say to the system, "Hey, don't let anyone post to
the system using
From: Brad Justus <legodirect@lego.com>
unless it was actually Brad Justus (as verified by his ID & password).
> Would this require someone to sign in once a day the first time they go to
> LUGNET?
No.
> If so does that mean you would be using some sort of temporary cookie?
No, not unless you wanted to.
> OK a lot of this is over my head. I definitly think there is a need to put
> some security around official TLC postings in order to minimize the chance
> of an imposter. One thing I don't understand is if TLC representative such
> as Brad want to do this and it requires them to be members does that mean
> they need to be "paying members". I would hope for some sort of exemption
> for someone like Brad but if that was not possible I would like to help in
> what ever way I can to make sure Brad can post in a secure environment.
Going the route of a separate user group of people (for TLC employees), each
group dictates how its members are admitted, which can be different for each
group.
> How exactly would you monitor who was allowed to sign up for which "user
> group". Obviously not everyone could sign up to be in the TLC "user group"
> so how would you make sure that only TLC employee's got into this group.
It should be up to each group to do that. For example, each group chooses
someone to pass or fail new applications to the group.
> Of course I would like to talk more about using LUGNET to handle NELUG
> memberships but Brad's case is definitly a priority so we can talk more
> later about how this would work.
I think it could probably end up happening somewhat simultaneously... The
underlying code would be similar across all groups once it's sufficiently
generalized away from the current special case.
> 1. You were able to determine earlier from a log that Brad's IP address
> was a TLC address. Could you use this to authenticate Brad?
Conceivably, but not without side-effects. For example, Brad's IP address
might change over time (for all I know) yet still remain within the TLC
address block. Or someone else might want to borrow Brad's machine to post
a quick message, which would fail for them because it was using Brad's IP
address and not theirs.
> Could something check Brad's IP to ensure that his combination of Name and
> E-mail address are coming from a known LEGO IP?
Yes. But that gets pretty restrictive. Brad or other TLC employees couldn't
use dynamic IP from home then, if they ever wanted to check in at night on a
home dial-up modem system.
> If so could this be optional so the rest of us can post from multiple
> computers on multiple networks (i.e. Home and Work)
You mean like specifying a list of subnet masks?
> If this were doable maybe there could be some sort of check for any
> lego.com or mindstorms.com etc etc address was coming from an offical
> LEGO IP. I don't know how easy it would be to maintain such a database
> but it is a thought. This may not be technically feasible either I don't
> know.
Accomplishing that correctly and accurately might involve having to collect
too much detailed sensitive information, so it might not be completely
feasible. But I think it would be technically feasible. Certainly it would
be pretty easy to check for a range of IP addresses, but that would only
verify that it came from some area, rather than a specific person.
--Todd
|
|
Message has 2 Replies:
Message is in Reply To:
7 Messages in This Thread:
   
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
