View Issue Details

IDProjectCategoryView StatusLast Update
0002627unrealircdpublic2007-04-16 10:03
ReporterStealth Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionduplicate 
OSAllOS VersionAll 
Product Version3.2.3 
Summary0002627: CIDR in oper::from::userhost
DescriptionI think the summary says it all. I think being able to use CIDR in oper::from::userhost would be a great thing to have. It would solve some problems, and still be more secure than using a very broad wildcard.
TagsNo tags attached.
3rd party modules

Relationships

duplicate of 0003234 resolvedaquanight user hosts in oper blocks should support CIDR 

Activities

tabrisnet

2006-02-05 01:42

reporter   ~0011140

Well, this hasn't seen any aparrent activity... but I second the request.

Stealth

2006-02-07 21:53

reporter   ~0011165

Last edited: 2006-02-07 21:56

This is a good idea, however, oper blocks should not be 100% reliant on oper::from::userhost for security. Users should use strong passwords, set oper::maxlogins. Passwords ofcourse should be encrypted.

oper::from::userhost is a great tool, but I personally don't feel it should go as sctrict as using CIDR.

If you have:

1) A strong password (at least 8 charactes, uppercase, lowercase, number, and special characters, and it is not a word or phrase in with letters replaced with numbers/symbols, and not a "plain text" password)

2) oper::maxlogins set at 2, 1 for you, and 1 if you get involuntarily disconnected.

3) oper::from::userhost something as strict as can be with current wildcards.

4) [OPTIONAL] Just use your SSL cert. If you are so paranoid you need to use CIDR in your oper block, tell Unreal to use your SSL cert as your password. You would ofcourse need to generate your own keys, but here is how to configure it:
password "path/to/cert.pem" { sslclientcert; };
When done with that, simply /oper <Your_Login> <anything_you_want_to_put_here>

tabrisnet

2006-02-07 23:03

reporter   ~0011168

I'm not relying on them for security. but I want to be able to have someone who can be on 12.199.54.36 or 12.205.109.67 (and any numbers of IPs in btwn, and that list isn't the only) without having to have so many bloody entries, or do 12.*.*.*.
ISPs IP blocks are allocated with CIDR. Users use ISPs. It seems logical.

SSL certs are nice, but are no easier to maintain than keeping opers with passes they can't lose. Nor can I find in www.mirc.co.uk/ssl how to use SSL certs.

True, I don't use mIRC, but most users do.

Issue History

Date Modified Username Field Change
2005-08-26 18:27 Stealth New Issue
2006-02-05 01:42 tabrisnet Note Added: 0011140
2006-02-07 21:53 Stealth Note Added: 0011165
2006-02-07 21:55 Stealth Note Edited: 0011165
2006-02-07 21:56 Stealth Note Edited: 0011165
2006-02-07 23:03 tabrisnet Note Added: 0011168
2007-04-16 10:02 stskeeps Relationship added related to 0003234
2007-04-16 10:02 stskeeps Relationship replaced duplicate of 0003234
2007-04-16 10:03 stskeeps Status new => closed
2007-04-16 10:03 stskeeps Resolution open => duplicate