Subject:
|
Re: E-mail authentication during posting
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Tue, 19 Jun 2001 12:52:58 GMT
|
Viewed:
|
598 times
|
| |
| |
Daniel Crichton wrote:
>
> "Kerry Raymond" <kerry@dstc.edu.au> wrote in message
> news:GF5uAo.5x1@lugnet.com...
>
> > It would be nice if each NNTP message could carry its own authentication in
> > some simple software-independent solution.
>
> That's quite a neat idea, but as you say prone to risk of revealing the
> password.
Some tricks could be played to make it more secure. One would be to scan
the message for the user's password and if it found it, but it didn't
seem to be part of an authenticator, bounce the message. It could also
use a fuzzy match for the authenticator, though it should bounce
messages which aren't perfect. There is also a trivial way to prevent
errors. Have a user config parameter which lets the user select inline
authentication or mailback authentication. If the password doesn't
match, the message will be bounced, not even submitted for mailback
authentication.
Even without any special coding, a message with an incorrectly formatted
inline authenticator would be mailed back for web authentication as
currently (unless by some stroke of luck you managed to mistype so
badly, you actually gave someone elses authenticator, but then it
wouldn't match your from header, and would be stripped in any case).
--
Frank Filz
-----------------------------
Work: mailto:ffilz@us.ibm.com (business only please)
Home: mailto:ffilz@mindspring.com
|
|
Message has 2 Replies: | | Re: E-mail authentication during posting
|
| (...) you can't have the server scan for the users password in the message, since passwords arn't usually saved anywhere on the server at all. So to check for the password, each word, or combination of chars actually (since space can be part of the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
| | | Re: E-mail authentication during posting
|
| (...) Inline authentication is used with success in some mailing list packages for moderating lists, but what worries me most about inline authentication is how easy it would be to accidentally cc someone when posting via e-mail (for example, if you (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
Message is in Reply To:
| | Re: E-mail authentication during posting
|
| "Kerry Raymond" <kerry@dstc.edu.au> wrote in message news:GF5uAo.5x1@lugnet.com... (...) in (...) That's quite a neat idea, but as you say prone to risk of revealing the password. I still think that using NNTP authentication will work, esp. if it (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
8 Messages in This Thread:
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|