[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200306050350.h553oqeE006076@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
In some mail from Michael Osten, sie said:
>
> > The reason why IRC servers "IRCD.config" files don't use encryption (see
> > file attachment for example) is because 49 times out of 50 they do not
> come
> > with a GUI program. Administrators main method of changing the
> > configuration is to manually edit the file using a notepad utility.
>
> It has nothing to do with having a GUI or not. You obviously have no
> concept of Unix permissions, so using a unix analogy should be avoided in
> the future. The config file that you speak of would be set to only be
> readable and/or writable the user running the daemon. Even the existance of
> that password in the config file woud lend it self a bad design as every
> application in (linux at least) can have hooks to PAM and use the same
> encrypted password. If the password *was* in the config file, to read this
> file, you would need that users priviledges, or priviledges greater than
> that user. If you have either, crypting the password would be a bit
> pointless (not to say that people don't do it).
You're fogetting that this IRC server application is being developed
for Windows where people are still mostly unfamiliar with advanced
file permission concepts beyond "read-only/archive" bits.
NTFS (NT4, W2K, XP, ...) supports file ownership by users as well as
read/write/execute "bits". This is something that many *nix advocates
are blissuflly unaware of. It's also not often used properly.
Darren
Powered by blists - more mailing lists