Subject: Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
Newsgroups: lugnet.admin.general
Date: Tue, 28 Nov 2000 19:38:25 GMT
  
In lugnet.admin.general, Eric Joslin writes:
> I think it could be cookie based (he said, while simultaneously knowing
> nothing about cookies).  After all, posting identity is cookie based, is it
> not?

Not really, although it can be. The problem being mainly that the web
interface will still let you post if you don't have a cookie. It can
actually give you a new one in some cases. So if I post a message as Bob
Shmoe, I can get a cookie as him, then cancel his posts. Hence, the problem
isn't really solved unless Todd implements some user tracking via cookies or
something.

BUT, I suppose you COULD do it off of cookies in a limited way:
-each post via the web interface has a cookie associated with it.
-only browsers passing back that cookie are capable of cancelling that message.

The upside is that it'd work, and it'd be secure. But you couldn't
necessarily cancel posts you made from 'a long time ago' (if your cookies
were since overwritten, lost, whatever), and you also couldn't cancel posts
made with another browser (I.E. I can't cancel a post I made from home while
at work). In other words, it'd be limited. But, yes, it could work. Although
I dunno much about the message DB. It could be tough to implement on Todd's
side. Dunno.

> Do we really need to worry about "rogue cancellers" cancelling all kinds of
> Lugnet posts via the web any more than we need to worry about identity fraud
> in posting via the web?  The security for both would be the same, essentially.

I suppose that's true. Certainly if I was mad at Bob Shmoe, I could just
post via the web interface and say "Hi, I'm an idiot, and I really think
Dave's wicked cool. - Bob". Although I guess I'd like to have more security
than less, if possible. Guess it boils down to how much work it is to get an
authentication system and how Todd feels about it...

DaveE
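
Added example (not part of the post above and not LUGNET's code): a Python sketch of the per-post cookie scheme the post describes, where each web post gets its own cancel cookie and only a browser returning that cookie can cancel it. PostStore, cookie_name and the cookie naming are hypothetical, and the in-memory store is a constructed stand-in for the message DB.

```python
import hashlib
import hmac
import secrets


def cookie_name(post_id):
    """Hypothetical naming: one cancel cookie per post."""
    return f"cancel_{post_id}"


class PostStore:
    """Constructed in-memory stand-in for the message database."""

    def __init__(self):
        self._posts = {}
        self._next_id = 1

    def create_post(self, author, body):
        """Store a post; return (post_id, token) for the Set-Cookie header."""
        token = secrets.token_urlsafe(32)  # unguessable, unique per post
        post_id = self._next_id
        self._next_id += 1
        self._posts[post_id] = {
            "author": author,  # free-text name, never used for authorization
            "body": body,
            "cancelled": False,
            # keep only a digest so a leaked store yields no usable tokens
            "token_hash": hashlib.sha256(token.encode()).digest(),
        }
        return post_id, token

    def cancel_post(self, post_id, cookies):
        """Cancel only when the browser returns this post's own cookie."""
        post = self._posts.get(post_id)
        presented = cookies.get(cookie_name(post_id))
        if post is None or post["cancelled"] or presented is None:
            return False
        digest = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(digest, post["token_hash"]):
            return False
        post["cancelled"] = True
        return True

    def is_cancelled(self, post_id):
        return self._posts[post_id]["cancelled"]
```

Because the check is tied to the post's cookie and not to the name typed into the form, a second post made under the same name gets a different token and cannot cancel the first; a browser that has lost the cookie cannot cancel either, which is the limitation the post points out.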



Message has 2 Replies:
  Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
 
(...) eh? the only way you can get an id cookie is by putting in the confirmation code, isn't it? Also, if you can cancel messages only by you, and only if you're logged in (have to be a member), that's pretty secure... No way to get the member (...) (24 years ago, 28-Nov-00, to lugnet.admin.general)
  Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
 
(...) Ug, that's kinda gross. I think the cleanest way is what someone suggested earlier: When you request that a post be cancelled, the server simply send a confirmation e-mail to the person who posted the message. If they get the e-mail, it proves (...) (24 years ago, 28-Nov-00, to lugnet.admin.general)
