On Sat, Jan 2, 2010 at 10:33 AM, Vin King <vin.king@gmail.com> wrote:
ways to enforce it on. We still get questions about how to turn it off, because it still looks like an option.
It's obviously (IMO) broken that it's not an option... turning ENFORCE off should be just fine. NickServ ACCESS lists are a security risk, when you are OP'ed on Channels (channels that don't use IDENT). And 60 seconds to identify is really only sufficient for users with short passwords or quick typists who notice the NickServ message immediately. So ENFORCE by default forces some risky practices such as saving passwords in the IRC client, or using access lists, which are in the hands of bad guys. It may impact some nicknames that were registered for role-playing purposes, and meant to be shared (but without providing access). Then roleplayers' only option for such character nicknames is to forego registration (and risk the nick be stolen), or to use an access list such as *!*@*... The only beneficial effect of forcing ENFORCE to be on, that I see: users who turn off ENFORCE without understanding the implications, may accidentally let their nicknames expire (when they fail to identify to it) -- -J
Here's the official DALnet answer to the matter: https://lists.dal.net/pipermail/helpers/2008-May/000008.html The command can still be issued, but enforce is on no matter what... /nickserv set enforce on|off /nickserv set kill on|off PapaSmurf --- On Sun, 1/3/10, James Hess <mysidia@gmail.com> wrote:
From: James Hess <mysidia@gmail.com> Subject: Re: [DALnet-services] ENFORCE To: "Vin King" <vin.king@gmail.com> Cc: "PapaSmurf" <freedried@yahoo.com>, prez@dal.net, dalnet-services@lists.dal.net Date: Sunday, January 3, 2010, 10:16 PM On Sat, Jan 2, 2010 at 10:33 AM, Vin King <vin.king@gmail.com> wrote:
ways to enforce it on. We still get questions about how to turn it off, because it still looks like an option.
It's obviously (IMO) broken that it's not an option... turning ENFORCE off should be just fine. NickServ ACCESS lists are a security risk, when you are OP'ed on Channels (channels that don't use IDENT).
And 60 seconds to identify is really only sufficient for users with short passwords or quick typists who notice the NickServ message immediately.
So ENFORCE by default forces some risky practices such as saving passwords in the IRC client, or using access lists, which are in the hands of bad guys.
It may impact some nicknames that were registered for role-playing purposes, and meant to be shared (but without providing access). Then roleplayers' only option for such character nicknames is to forego registration (and risk the nick be stolen), or to use an access list such as *!*@*...
The only beneficial effect of forcing ENFORCE to be on, that I see: users who turn off ENFORCE without understanding the implications, may accidentally let their nicknames expire (when they fail to identify to it)
-- -J
participants (2)
-
James Hess -
PapaSmurf