
Re: perlmonkscb: An AIM / CB gateway.

by insensate (Hermit)
on Mar 12, 2003 at 03:00 UTC


in reply to perlmonkscb: An AIM / CB gateway.

I love this bot...it makes keeping up with the chatter while at work a lot more practical. However, I've only used it to lurk. If there was a way to authenticate without sending my password through an intermediary I'd be more prone to use it to post to the cb...I'm not implying any bad intentions on theorbtwo's behalf, but given the insecure transmission on the AOL TOC protocol and the relative ease of logging all text submitted to an AOL bot server-side, it does present a security risk. Any thoughts on this?

Jason

Replies are listed 'Best First'.
Re: Re: perlmonkscb: An AIM / CB gateway.
by theorbtwo (Prior) on Mar 12, 2003 at 09:14 UTC

    Unfortunately, no, there's not really a way to make this better. The issue is that not only do I need to verify that you're who you say you are, I need to be able to verify that I have authorization to post things to the chatterbox as you to the PM server. That means I need your cookie. I could provide an interface to allow you to provide your cookie directly, rather than your password, but that has several problems. First off, it's not all that easy for many people to find their cookie. Mozilla makes it decently easy, but AFAIK it's the only one. Secondly, it isn't really any more secure. It's just as easy to hijack your PM account with a cookie as with a password, and it's not difficult to get the password out of the cookie. (This can easily be construed as a bug in perlmonks.) I was going to say thirdly, it's more difficult for me to verify, but then I realized that I was wrong.

    BTW, OSCAR isn't any more secure than TOC. In fact, it may be /less/ secure, since running strings on an OSCAR stream will cut out almost all of the noise, leaving only the data you want, whereas it will leave a TOC stream almost unchanged. (The exception to that is your AIM password, but that's not what we're talking about here.)


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re^2: perlmonkscb: An AIM / CB gateway.
by Aristotle (Chancellor) on Mar 15, 2003 at 11:34 UTC
    There was talk among pmdev to one day introduce a separate password for users which only authorizes them for the chatterbox. It's not likely to happen anytime soon however, and until then, there's no way short of providing your password to the third party to log in to Perlmonks using external services.

    Makeshifts last the longest.
