 | | Re: E-mail authentication during posting —Daniel Crichton
|
| | | "LUGNET Admin" <todd@lugnet.com> wrote in message news:GF40AG.31A@lugnet.com... (...) send (...) This (...) message (...) and (...) What percentage of the news readers allow the use of authenticated NNTP? I know OE does, you simply supply a login (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | |
| | | | | Re: E-mail authentication during posting —Horst Lehner
|
| | | | | Hello again, just a few seconds ago, I sent my suggestions on how authentication could be made most convenient, but I obviously missed the most integrated and straightforward idea: (...) So, thanks, Daniel, for bringing this up. I would strongly (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | |
| | | | | | | Re: E-mail authentication during posting —Daniel Crichton
|
| | | | | | | "Horst Lehner" <Horst_Lehner@mausnet.de> wrote in message news:B7539131.54B6%H...snet.de... (...) be (...) I saw your post, and I like the idea of using digital signatures, but it's not practical for everyone, esp. if their news reader does support (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | | | |
| | | | | | | Re: E-mail authentication during posting — Todd Lehman
|
| | | | | | (...) This was talked about a couple weeks ago already, actually, and I don't really think it's a workable option, unfortunately. -- Todd S. Lehman | LUGNET Admin <todd@lugnet.com> (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | | |
| | | | | | | | Re: E-mail authentication during posting —Daniel Crichton
|
| | | | | | "LUGNET Admin" <todd@lugnet.com> wrote in message news:GF4HrG.C3I@lugnet.com... (...) In that case I like Horst's idea of being able to list all posts for a user on a single page and being able to tick the ones to post, tick the ones to delete, and (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | | |
| | | | | Re: E-mail authentication during posting — Todd Lehman
|
| | | | (...) As far as I'm aware, zero. NNTP doesn't do authentication -- it does authorization. That is, if you're authorized to post to the server (after giving your username/password), you can still forge messages in anyone's name. Some server hacks (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | |
| | | | | | Re: E-mail authentication during posting —Iain M. Barker
|
| | | | (...) A public news server that I use allows people to connect and read messages freely, but requires a username/password to post, so it shouldn't be unfeasible to do that here. You'd still need to do some additional checking to ensure the username (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | |
| | | | | | Re: E-mail authentication during posting —Matthew Miller
|
| | | | (...) It's that second part that's tricky. The first part doesn't help, because once logged in as anybody, you can post as anybody else. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | |
| | | | | | Re: E-mail authentication during posting —Frank Filz
|
| | | | (...) Do we have to worry that much about that? I think the primary concern is to have a reasonable way to block posting by unauthorized folks. If you abuse your priviledges, your NNTP ID/password would be revoked. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | |
| | | | | | Re: E-mail authentication during posting —Eric Kingsley
|
| | | | | (...) It's already been proven that revoking priviledges doesn't work. Whatever fix is put in needs to address the problem as much as possible before it gets to the revokation point, IMHO. Sure you can revoke an ID/password but what is to stop them (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | |
| | | | | | | Re: E-mail authentication during posting —Daniel Crichton
|
| | | | | | "Eric Kingsley" <kingsley@nelug.org> wrote in message news:GF4oDv.5ww@lugnet.com... (...) fix (...) to (...) is to (...) you (...) This new system has little benefit over the existing open one if you look at it from the view of being able to block (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | | |
| | | | | | | | Re: E-mail authentication during posting —Daniel Crichton
|
| | | | | | BTW, I just wanted to also add that I think Todd has done a great job of finding a way to stop the recent hijacking problem, and I hope my comments don't sound like I'm moaning too much. Hopefully these discussions will bring about some new ideas on (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | | | |
| | | | | | Re: E-mail authentication during posting —Matthew Miller
|
| | | | (...) But it has to be easy to create a new account -- otherwise, new people would be scared off. So having one of those revoked isn't very meaningful. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| | | | |
