Subject:
|
Re: posting varification, ug!
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Tue, 14 Aug 2001 17:00:47 GMT
|
Viewed:
|
691 times
|
| |
|
|
In lugnet.admin.general, "Dan Boger" <dan@peeron.com> writes:
> > If members are spoofing posts, there's a real problem. I'd think that if
> > someone does NNTP-authentication to their membership id/password[1], they
> > should be able to post via NNTP without further confirmations.
>
> since anyone can become a member, if a malicious user wanted to spoof Suz,
> for instance, all he had to do is fork out $10... Doesn't sound like much
> of a problem to me... True, it might be easier to track such spoofs down,
> but it won't stop them from happening.
Ya, this is somewhat of a loophole (but a known one, and mentioned when the
authentication mechanism was announced) and it needs closing. On the other
hand, if someone were to try this, their Member ID would appear in the NNTP
headers of the message, pointing right to them. (And the Member ID is
always erased and replaced if someone tries to forge it via NNTP posting.)
--
Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
|
|
Message is in Reply To:
 | | Re: posting varification, ug!
|
| (...) nod - that does make sense. I know Jennifer and I still don't use the web interface, but we're special :) (...) since anyone can become a member, if a malicious user wanted to spoof Suz, for instance, all he had to do is fork out $10... (...) (23 years ago, 13-Aug-01, to lugnet.admin.general)
|
15 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
