Subject: Re: Web interface cancels (was Re: Let's define what an auction announcement/update is)
Newsgroups: lugnet.admin.general
Date: Tue, 28 Nov 2000 20:40:59 GMT
In lugnet.admin.general, Dan Boger writes:
> eh?  the only way you can get an id cookie is by putting in the
> confirmation code, isn't it?  Also, if you can cancel messages only by you,
> and only if you're logged in (have to be a member), that's pretty secure...
> No way to get the member login cookie without going through the password
> page...

Oh? I could easily be wrong-- being a still-starting-out web programmer my
browser's cookies are always being rewritten, etc, so I'm not sure. But I
thought that there were something like three different cookies that Lugnet
can drop you?
- member cookie
- skip-filter cookie
- id cookie

I could be wrong about that ID cookie, but I seem to remember not having to
manually fill in the form fields for a while thanks to having a cookie on my
browser, and I don't remember being a member at the time... could be wrong
though, as I said...

Anyway, I'd say that if it's based off of the member cookie, it's pretty
gosh darn secure. You'd have to know the member's login to get the cookie
(or use their browser) and that's password protected, so I'd be fine with
that... would probably even be easier to implement? It just doesn't give a
way for non-members to cancel posts... not that I'm affected by that
decision :) Still a consideration, I spose though...

> this would be a problem, since browsers only keep a limited amount of
> cookies at any time...

I had thought that was only true of Netscape? Could be wrong... dunno...
Actually, I seem to recall 1st hearing of that from Todd :)

> I believe the problem here is that, yes, you can secure the web interface
> pretty easily - but securing nntp is more difficult, and securing smtp is
> very close to impossible...  so what's the point of getting only the web
> interface?

Very true.

DaveE



©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR