 | | Re: E-mail authentication during posting
|
|
(...) As far as I'm aware, zero. NNTP doesn't do authentication -- it does authorization. That is, if you're authorized to post to the server (after giving your username/password), you can still forge messages in anyone's name. Some server hacks (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) A public news server that I use allows people to connect and read messages freely, but requires a username/password to post, so it shouldn't be unfeasible to do that here. You'd still need to do some additional checking to ensure the username (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) It's that second part that's tricky. The first part doesn't help, because once logged in as anybody, you can post as anybody else. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) Do we have to worry that much about that? I think the primary concern is to have a reasonable way to block posting by unauthorized folks. If you abuse your priviledges, your NNTP ID/password would be revoked. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) It's already been proven that revoking priviledges doesn't work. Whatever fix is put in needs to address the problem as much as possible before it gets to the revokation point, IMHO. Sure you can revoke an ID/password but what is to stop them (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
"Eric Kingsley" <kingsley@nelug.org> wrote in message news:GF4oDv.5ww@lugnet.com... (...) fix (...) to (...) is to (...) you (...) This new system has little benefit over the existing open one if you look at it from the view of being able to block (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
BTW, I just wanted to also add that I think Todd has done a great job of finding a way to stop the recent hijacking problem, and I hope my comments don't sound like I'm moaning too much. Hopefully these discussions will bring about some new ideas on (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) But it has to be easy to create a new account -- otherwise, new people would be scared off. So having one of those revoked isn't very meaningful. (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
