To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 3650
3649  |  3651
Subject: 
 Re: Enhanced verification (was: Re: What the F.......)
Newsgroups: 
 lugnet.admin.general
Date: 
 Tue, 14 Dec 1999 21:40:32 GMT
Viewed: 
 124 times
  
In lugnet.admin.general, Eric Kingsley writes:
How about if durring sign-up there were an additional field for a "code
word" or "password" if you are more comfortable with that term although I
don't think this is a complicated as a "password".  In this case if that
field were left blank things would work as they do today and people could
post using a news-reader or the web interface.  If something were entered
however this value would be stored in the cookie and would be needed to
post so if someone were to use a different PC (that didn't already have a
cookie) they would have to enter this "code word" as well in order to post.

I think you might be onto something there.  Ignoring for the moment the
issues of someone possibly wanting to change their code word later or
needing their memory refreshed, what you're suggesting is quite feasable.


Of course this would require posting via the web interface but I think
your solution also had this requirement.

Hmm, if the code word was sent via a custom NNTP header, and then stripped
after verification but before injecting the article, then it could also work
via NNTP for newsreaders that support writing in custom headers.  The danger
there though is if someone gets cc'd via email on a posting -- then the
headers would be exposed.  So that's not a good idea, even though it -could-
work if someone was very careful.  But we don't want people to have to be
quite that careful, because cc'ing people via email is relatively common.


This would also not deal with
the issue of someone using Brad's PC and posting as Brad but I think that
is the least problematic of all the problems.  It seems to me that the big
issue is someone posting from their computer as Brad, as was demonstraited
earlier.

Yup, that's the big one.


The other benifit of using this type of approach would be that membership
would not be required.

Avoiding the membership requirement would be nice.  Not having to write a
whole new password/passcode subsytem for non-members would also be nice.  :-)


This may be oversimplified but it was a thought and I am sure that you
(Todd) being the expert here has a much clearer view of the situation and
the solutions then I would.

I think it's definitely worth considering...thanks for the suggestion.

--Todd



Message has 1 Reply:
  Re: Enhanced verification (was: Re: What the F.......)
 
(...) I just did a little test with sending a Distribution: header via Agent, and it gets stripped off the mail (somewhere). Presumably because Distribution: is only defined for NNTP, and not SMTP. I was actually thinking of using the Approved: (...) (25 years ago, 15-Dec-99, to lugnet.admin.general)

Message is in Reply To:
  Re: Enhanced verification (was: Re: What the F.......)
 
(...) OK I think I am getting this now. Actually it tripped another synapse :-) and I got another idea that might be bad and it might not. Actually it might even be similar to some of the ideas you have allready mentioned. How about if durring (...) (25 years ago, 14-Dec-99, to lugnet.admin.general)

7 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR