To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 7832
7831  |  7833
Subject: 
 Re: pw checking (was: Re: LUGNET Memberships)
Newsgroups: 
 lugnet.admin.general
Date: 
 Thu, 28 Sep 2000 23:13:39 GMT
Viewed: 
 340 times
  
Todd Lehman <lehman@javanet.com> wrote in message
news:G1L15F.K94@lugnet.com...
[snip]
that doesn't really protect any vital information
while at the same time you have a security hole on the other end
where people can post under other's names.

Well, as you are aware, to get authentication in pure NNTP means password-
protecting incoming connections.  On the server side, it means throwing a
switch and maintaining a table of usernames and crypted pw's.  On the • client
side, it means having a much less open news system, and I'm not even sure • if
all the popular NNTP clients support pw's, either.  I can't look into a
magical crystal ball and know that the NNTP connections will -never- need • to
be pw-protected (let's pray they don't) but I do know that it would have • been
a fatal mistake to pw protect them at the beginning, and probably at just
about any point as well in the future without an extremely compelling • reason.
Even so, just because one portion of a system using a legacy protocol for
message transport happens not to have user authentication, it doesn't • follow
that other new portions of the same system should be implemented without • it
as well, or implemented poorly.

Why would it have been a mistake to protect them?  IMHO, if anyone can fake
a post to your server from someone, then you open yourself up to a whole
Pandora's box of legal ramifications.

I know that Outlook Express has password authentication if it's needed.

What is really needed, though, is something that warns you of people
attempting to impersonate other posters.  If you know about the attempt, and
can delete the posts before they get to be a problem, then that is certainly
going to help if someone complains about the faked post.

Cheers ...

Geoffrey Hyde



1 Message in This Thread:

Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR