To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 8390
8389  |  8391
Subject: 
 Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
Newsgroups: 
 lugnet.admin.general
Date: 
 Tue, 28 Nov 2000 18:47:59 GMT
Viewed: 
 136 times
  
In lugnet.admin.general, David Eaton writes:

I guess the problem is authentication? Hmm...
- cookie based (would only really work for members)
- name & email pair on a form (EASILY manipulable, insecure)
- automated 'bot accepting 'cancel' emails from verified email accounts
(wouldn't work for people w/ spamblock?)
- IP based (bad for ISPs, but good for short-term cancelling?)

I think it could be cookie based (he said, while simulteneously knowing nothing
about cookies).  After all, posting identity is cookie based, is it not?

Do we really need to worry about "rogue cancellers" cancelling all kinds of
Lugnet posts via the web any more than we need to worry about identity fraud in
posting via the web?  The security for both would be the same, essentially.

eric



Message has 2 Replies:
  Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
 
(...) Not really, although it can be. The problem being mainly that the web interface will still let you post if you don't have a cookie. It can actually give you a new one in some cases. So if I post a message as Bob Shmoe, I can get a cookie as (...) (24 years ago, 28-Nov-00, to lugnet.admin.general)
  Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
 
(...) One amelioration for the rogue cancel problem would be for the web interface to "stash" a cancelled post somewhere safe. Lots of variations on that possible. In addition to the stash, send it in email to the address given in the posting (...) (24 years ago, 28-Nov-00, to lugnet.admin.general)

Message is in Reply To:
  Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
 
(...) Agree. Taking away cancel from NNTP would probably be a step backwards-- I don't want to stoop to the lowest common denominator... But it'd be nice to be able to cancel things via the web interface, or at least things posted via the web (...) (24 years ago, 28-Nov-00, to lugnet.admin.general)

10 Messages in This Thread:




Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR