Subject:
|
Re: E-mail authentication during posting
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Tue, 19 Jun 2001 22:14:53 GMT
|
Viewed:
|
583 times
|
| |
|
|
In lugnet.admin.nntp, Frank Filz writes:
> [...]
> Even without any special coding, a message with an incorrectly formatted
> inline authenticator would be mailed back for web authentication as
> currently (unless by some stroke of luck you managed to mistype so
> badly, you actually gave someone elses authenticator, but then it
> wouldn't match your from header, and would be stripped in any case).
Inline authentication is used with success in some mailing list packages
for moderating lists, but what worries me most about inline authentication
is how easy it would be to accidentally cc someone when posting via e-mail
(for example, if you used the Reply-To-All button) or to unknowingly send
a reply via e-mail to someone when you thought you were posting it to the
NNTP server (for example, if someone had set Followup-To: poster.
--
Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
|
|
Message has 1 Reply:
 | | Re: E-mail authentication during posting
|
| Hello Todd, hello everybody, (...) ^^^...^^^ Or if someone is using Outlook Express, which unfortunately defaults to email response when hitting "reply" in the toolbar ... :-( I have been following the discussion about inline authentication for a (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp)
|
Message is in Reply To:
| | Re: E-mail authentication during posting
|
| (...) Some tricks could be played to make it more secure. One would be to scan the message for the user's password and if it found it, but it didn't seem to be part of an authenticator, bounce the message. It could also use a fuzzy match for the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
8 Messages in This Thread:
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
