Subject: Re: E-mail authentication during posting
Newsgroups: lugnet.admin.nntp
Date: Mon, 18 Jun 2001 13:56:17 GMT
  
"Eric Kingsley" <kingsley@nelug.org> wrote in message
news:GF4oDv.5ww@lugnet.com...
> It's already been proven that revoking privileges doesn't work.  Whatever fix
> is put in needs to address the problem as much as possible before it gets to
> the revocation point, IMHO.  Sure you can revoke an ID/password but what is to
> stop them from getting another one?  Possibly something could be tied to your
> member ID but I don't know if that is reasonable or not.

This new system has little benefit over the existing open one if you look at
it from the view of being able to block posting by individuals. I have about
30 different email accounts in various places so just banning one email
address doesn't stop me signing up with a different address and a new name
and posting again. This system only addresses preventing someone using an
existing name and address for their own use. The added hassle of having to
take 3 steps for each post rather than 1 is a real pain - using an id and
password in the NNTP protocol would get the system back to 1 step and still
prevent hijacking of the name and email address as the current name and
address check could be combined with the id and password check, and as the
id and password are hidden it would be difficult without a way of tapping
the route between the poster and the server to obtain those credentials. If
the server could be set up to allow reading by anyone but only allow posting
with a valid id and password that would solve both the id/password
requirement for casual readers (no longer an issue) and the verification of
the poster (send their id and password via email when they sign up, allow
them to change the password via the web interface, you know their address
must be valid and belongs to them and the details can't be used by someone
else).

Today was the first time I'd taken a look at admin.nntp as I didn't realise
it was here, otherwise I'd have got more involved when the changes were
first being discussed - I don't remember there being a mention in .announce
about the discussion, the first I saw was when I got the message by mail
that the system had changed. Guess I'll have to check the rest of the list
of groups to see if there are any others I might need to start reading.

Dan
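
The scheme proposed in the message above (reading open to anyone, posting only with a valid id and password, with the existing name and address check tied to the authenticated account), sketched as an added example; it is not part of the original message or LUGNET's server code. The account store, the sample id `dan42`, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
from email.utils import parseaddr

# Commands a casual reader may issue without logging in (assumed subset).
READ_COMMANDS = {"GROUP", "LIST", "ARTICLE", "HEAD", "BODY"}

def _derive(password: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(name: str, email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "email": email.lower(),
            "salt": salt, "hash": _derive(password, salt)}

# Constructed sample store: posting id -> details verified at sign-up.
ACCOUNTS = {"dan42": make_account("Dan Example", "dan@example.org", "correct horse")}

def authenticate(user_id: str, password: str):
    """Return the account if id and password match, else None."""
    acct = ACCOUNTS.get(user_id)
    if acct is None:
        _derive(password, b"\0" * 16)  # do similar work for unknown ids
        return None
    if hmac.compare_digest(_derive(password, acct["salt"]), acct["hash"]):
        return acct
    return None

def authorize(command: str, account, from_header: str = ""):
    """Decide whether a command is allowed for this session."""
    cmd = command.upper()
    if cmd in READ_COMMANDS:
        return True, "read allowed without credentials"
    if cmd != "POST":
        return False, "unsupported command"
    if account is None:
        return False, "posting requires id and password"
    # Combine the name/address check with the credential check:
    # the From header must be the one registered to the logged-in id.
    name, addr = parseaddr(from_header)
    if name != account["name"] or addr.lower() != account["email"]:
        return False, "From header does not match authenticated account"
    return True, "post accepted"
```

As the message notes, the credentials are only hidden from someone who cannot tap the route between poster and server, so this check protects the name and address only as well as the transport protects the password.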


