Unfornatly, no, there's not really a way to make this better. The issue is that not only do I need to verify that you're who you say you are, I need to be able to verify that I have authorization to post things to the chatterbox as you to the PM server. That means I need your cookie. I could provide an interface to allow you to provide your cookie directly, rather then your password, but that has several problems. First off, it's not all that easy for many people to find their cookie. Mozilla makes it decently easy, but AFAIK it's the only one. Secondly, it isn't really any more secure. It's just as easy to hijack your PM account with a cookie as with a password, and it's not difficult to get the password out of the cookie. (This can easily be construed as a bug in perlmonks.) I was going to say thirdly, it's more difficult for me to verify, but then I realized that I was wrong.
BTW, OSCAR isn't any more secure then TOC. In fact, it may be /less/ secure, since running strings on an OSCAR stream will cut out almost all of the noise, leaving only the data you want, whereas it will leave a TOC stream almost unchanged. (The exception to that is your AIM password, but that's not what we're talking about here.)
Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).
| [reply] |
| [reply] |