|
|
| Author |
Message |
Talrias
Lurker
Joined: 16 Feb 2004
Posts: 163
Location: :noitacoL
|
 Posted: Jun 27, 2004 1:42pm Post subject: |
 |
|
I'm curious as to what you mean by auto-authentication.
Do you mean a simple /msg AuthServ auth username password style thing on connect, or a more complicated system involving parsing messages sent from other users and working out whether it is actually a network service?
I don't see any problem with auto-authentication on connect, in fact I find it incredibly useful. Many networks have command aliases set up (for example /nickserv maps to /msg nickserv@services.server to ensure the message travels to the actual service), and if this is the case I find it hard to understand why having a script which automatically does this for you when you connect is not a good idea.
Congratulations on becoming a moderator, by the way, uchat.
Chris |
|
| Back to top |
|
 |
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 1:48pm Post subject: |
|
|
thanks Chris  |
|
| Back to top |
|
|
Ashen
Idler
Joined: 05 Jan 2004
Posts: 285
|
| Posted: Jun 27, 2004 2:06pm Post subject: |
|
|
Indeed, you don't even need a script - just put your nickserv password in the sever's password connect field/config setting, and the ircd will forward it to nickserv and identify you at signon.
uchat, congrats on becoming a mod ------ and I hope you donated those stars of yours to charity - seeing as you (if I remember rightly) had enough to light up a small town |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 2:11pm Post subject: |
|
|
| lol .. I had 1 star more than you have currently .. |
|
| Back to top |
|
|
mouselike
Idler
Joined: 09 Dec 2003
Posts: 261
|
| Posted: Jun 27, 2004 2:37pm Post subject: |
|
|
congrats on being a moderator, see i can be nice off topic 
Back to the discussion...
Talrias yes /NS and /IDENTIFY do allow this, but as the topic was about quakenet security which was led on to auto-id scripts which then led on to compromisation in retrival of passwords, regardless if it delivers it to the specific psudeo client or not, altered clients without the users knowledge can easily also deliver those messages to other networks/channels or via other means, but yes its secure enough aslong as the user isnt stupid enough to click any url's or download files from strangers etc. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 2:57pm Post subject: |
|
|
| mouselike wrote: | congrats on being a moderator, see i can be nice off topic
|
Thanks I never thought you wouldn't be nice. It's just that we disagree as to this topic. I respect your opinion as I 'm sure you do mine. It's intelligent agruments as this that I don't mind being in.
I still feel that auto-auth should be the least of a networks staffs worries if at all for the before mentioned reason that you can't control it anyway.
In all my time as an Admin I never once worried about it .. simply because it's not the end of the world if you do lose your nick. If a user lost their nick pass because of foul coding or what have you .. I was friendly enough to look at the script and suggest changes that makes it more secure ... as far as storing passwords in a text file on your PC .. I'm sure that there are more valuable things that said intruder would be interested in more than an IRC password ... but to each his/her own. |
|
| Back to top |
|
|
magpie
Idler
Joined: 18 Jan 2004
Posts: 454
Location: Essex, UK
|
| Posted: Jun 27, 2004 3:04pm Post subject: |
|
|
| On QuakeNet it's not so much the losing of a nick, as there are no nickname reservation services, it's more the loss of channels themselves. We actually have a rather large problem with people writing trojans specifically for recovering passwords for our services that are stored on peoples' computers, which is really why we discourage the use of auto-authentication scripts. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 3:12pm Post subject: |
|
|
perhaps applying something like DALnet's DCCAllow or blocking the sends of known viruses in the IRCd would be a less futile attempt to stop the loss. That atleast in in your direct control.
Bahamut and Unreal both have this ability if you'd like to see samples of possible coding. |
|
| Back to top |
|
|
magpie
Idler
Joined: 18 Jan 2004
Posts: 454
Location: Essex, UK
|
| Posted: Jun 27, 2004 3:16pm Post subject: |
|
|
| It's really not feasible for us to parse every single privmsg for virus URLs, which is how most of them are spread (by exploiting IE). Another common method is the use of $decode() in mIRC. For us DCCs aren't really an issue. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 3:36pm Post subject: |
|
|
| Then perhaps user education will be of benefit. |
|
| Back to top |
|
|
magpie
Idler
Joined: 18 Jan 2004
Posts: 454
Location: Essex, UK
|
| Posted: Jun 27, 2004 3:48pm Post subject: |
|
|
| Believe me, we're trying that. :) |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: Jun 27, 2004 4:05pm Post subject: |
|
|
| well good luck then |
|
| Back to top |
|
|
Talrias
Lurker
Joined: 16 Feb 2004
Posts: 163
Location: :noitacoL
|
| Posted: Jun 28, 2004 2:31pm Post subject: |
|
|
I apologise for my ignorance about QuakeNet's auth system, but I thought it was a system where you message Q your auth name and password, then all your channel access was based off that authentication (i.e. you don't have to login to each channel individually to get ops)?
Chris |
|
| Back to top |
|
|
magpie
Idler
Joined: 18 Jan 2004
Posts: 454
Location: Essex, UK
|
| Posted: Jun 28, 2004 2:59pm Post subject: |
|
|
| That's correct. |
|
| Back to top |
|
|
Talrias
Lurker
Joined: 16 Feb 2004
Posts: 163
Location: :noitacoL
|
| Posted: Jun 28, 2004 4:18pm Post subject: |
|
|
| In that case, what is the problem with having a command automatically sent by your client on connect, which identifies you to Q? |
|
| Back to top |
|
|
|
Register
Log in
