Subject:
|
Re: E-mail authentication during posting
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Mon, 18 Jun 2001 12:09:18 GMT
|
Viewed:
|
454 times
|
| |
|
|
In lugnet.admin.nntp, Todd Lehman writes:
> In lugnet.admin.nntp, Daniel Crichton writes:
> > What percentage of the news readers allow the use of authenticated NNTP?
>
> As far as I'm aware, zero. NNTP doesn't do authentication -- it does
> authorization. That is, if you're authorized to post to the server
> (after giving your username/password), you can still forge messages in
> anyone's name. Some server hacks might be possible that would match up
> the authorization entry with an authentication entry, but the server would
> still be requiring a username/password just to let people read, unless there
> was a read-only server and a read-write server.
A public news server that I use allows people to connect and read messages
freely, but requires a username/password to post, so it shouldn't be
unfeasible to do that here. You'd still need to do some additional checking
to ensure the username matched the sender's name, though.
--
Iain
imb@clara.net
"how can you say that iain is a furyy fpevcg?!" - kristen
|
|
Message has 1 Reply:
Message is in Reply To:
 | | Re: E-mail authentication during posting
|
| (...) As far as I'm aware, zero. NNTP doesn't do authentication -- it does authorization. That is, if you're authorized to post to the server (after giving your username/password), you can still forge messages in anyone's name. Some server hacks (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
13 Messages in This Thread:
  
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
