 | | Re: E-mail authentication during posting
|
|
This is really annoying and is impacting my posting frequency. Since I use a cable modem, I'm always posting from the same IP address. Is there any way to enter an IP address as "authorized" to be myself? If that won't work, how about making it so (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) Ditto. I have a static IP as well. But I think it's possible people may post from more than one place, so if this is done, it should be allowed to enter more than one IP address, or to allow the authentication mechanism to work if you are not (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) but by doing that, you'll be breaking the whole authentication process - If I know that you have such a rule that auto authorizes posts by you, I can spoof posts as you with no problem... your auto-reply will authorize them without (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) Not currently, no. Let me think about IP-based authentication for a while. (...) This I can definitely do, but it will have to be at least somewhat interactive so that someone doesn't accidentally cause a message to get posted simply by (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) What Dan said, plus I think IP addresses could be spoofed... ++Lar (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) IP addresses can easily be spoofed, as long as you don't need an interactive session... as in, if I just need to send an HTTP POST, and don't need to read the reply, I can spoof the source ip with no problem. :/ (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) Personally, I am not a big fan of doing anything IP based. There are far too many problems. AOL dials, multiple computers (I regularly use three myself) and many other issues have made me decide against this method time and time again. <END (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) And it'd have to be something that can't be easily automated by the poster - this defeats the scheme. I've seen some web pages which generate a bitmap containing a string which isn't easily scanned, and asks you to type the string in to (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
Hello Ross, hello everybody, (...) Can one of you set me straight: I assume the attacker has no access to my email account. How could he, then, automate an email reply I have to send in order to make my post valid? As for a minimum amount of (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) Not to mention the fact that many businesses and ISP's (Roadrunner for one) use DHCP so peoples IP's can and do change from day to day. I agree with Jake in his view that IP based authentication just won't work. Eric Kingsley (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) I'm not either -- at least not as something that can be relied upon for everyone. (...) Ya, it's fine for short-term login things when mixed with a password, but HTTP proxy servers really complicate the equation. Basically you can't trust the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) If you automate the reponse to the authentication e-mail, all I have to do is spoof your identity as Mad Hatter has done several times. Because the authentication gets sent to your email regardless of where I post from, and your response is (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
What if the email message that was sent contained HTML, so rather than having to reply or go to an URL, those of us with HTML capable email clients could just click a submit button? The email could have the same choices the confirmation page has. (...) (23 years ago, 21-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) This would help a few (maybe a lot) more people, but some people still use mail clients which don't support HTML, so they would need a text-based solution as well. Probably better to try & get a useable text-based solution first, and add HTML (...) (23 years ago, 21-Jun-01, to lugnet.admin.nntp)
|
| |
| | Re: E-mail authentication during posting
|
|
(...) solution (...) I think that the current solution works fine, I was just thinking of how to make it even better. I often use pine for email (mostly at work), so I wouldn't want to do away with the current email that is sent. Can't email be sent (...) (23 years ago, 21-Jun-01, to lugnet.admin.nntp)
|
