To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.peopleOpen lugnet.people in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 People / 1120
1119  |  1121
Subject: 
 pw checking (was: Re: LUGNET Memberships)
Newsgroups: 
 lugnet.people, lugnet.admin.general
Followup-To: 
 lugnet.admin.general
Date: 
 Thu, 28 Sep 2000 05:41:39 GMT
Viewed: 
 6313 times
  
In lugnet.people, Dan Jezek writes:
I was thinking more from the perspective of what you are going to create
that will have a span of 9 months and not what might happen on the internet
outside of LUGNET in 9 months.

Well, enough new things that I think it will be hard for anyone to continue
belittling the checking anymore.  Plus, as I said before, it's possible (and
likely, I hope) that the checking will be less stringent.  Right now I'm
guesstimating that it could safely be made 3 orders of magnitude (base 10,
that is) less stringent, with a bit of clever intrusion detection, tracking,
and deterrants.

This still doesn't explain why you have a sophisticated password system

It's a foundation?

(including a dictionary of 3 million words in 20 languages which I assume is
for the password check alone?)

Well, a password checker worth anything consults a dictionary (among other
checks).  Putting in 3 million words in 20 languages is just as easy as
10,000 words from a single language.  The dictionary check was actually one
of the easier parts of the checker to implement.

that doesn't really protect any vital information
while at the same time you have a security hole on the other end
where people can post under other's names.

Well, as you are aware, to get authentication in pure NNTP means password-
protecting incoming connections.  On the server side, it means throwing a
switch and maintaining a table of usernames and crypted pw's.  On the client
side, it means having a much less open news system, and I'm not even sure if
all the popular NNTP clients support pw's, either.  I can't look into a
magical crystal ball and know that the NNTP connections will -never- need to
be pw-protected (let's pray they don't) but I do know that it would have been
a fatal mistake to pw protect them at the beginning, and probably at just
about any point as well in the future without an extremely compelling reason.
Even so, just because one portion of a system using a legacy protocol for
message transport happens not to have user authentication, it doesn't follow
that other new portions of the same system should be implemented without it
as well, or implemented poorly.

--Todd



Message is in Reply To:
  Re: LUGNET Memberships
 
(...) I was thinking more from the perspective of what you are going to create that will have a span of 9 months and not what might happen on the internet outside of LUGNET in 9 months. This still doesn't explain why you have a sophisticated (...) (24 years ago, 28-Sep-00, to lugnet.people, lugnet.admin.general)

113 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR