View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002627 | unreal | ircd | public | 2005-08-26 18:27 | 2007-04-16 10:03 |
| Reporter | Stealth | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | duplicate | ||
| OS | All | OS Version | All | ||
| Product Version | 3.2.3 | ||||
| Summary | 0002627: CIDR in oper::from::userhost | ||||
| Description | I think the summary says it all. I think being able to use CIDR in oper::from::userhost would be a great thing to have. It would solve some problems, and still be more secure than using a very broad wildcard. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Well, this hasn't seen any aparrent activity... but I second the request. |
|
|
This is a good idea, however, oper blocks should not be 100% reliant on oper::from::userhost for security. Users should use strong passwords, set oper::maxlogins. Passwords ofcourse should be encrypted. oper::from::userhost is a great tool, but I personally don't feel it should go as sctrict as using CIDR. If you have: 1) A strong password (at least 8 charactes, uppercase, lowercase, number, and special characters, and it is not a word or phrase in with letters replaced with numbers/symbols, and not a "plain text" password) 2) oper::maxlogins set at 2, 1 for you, and 1 if you get involuntarily disconnected. 3) oper::from::userhost something as strict as can be with current wildcards. 4) [OPTIONAL] Just use your SSL cert. If you are so paranoid you need to use CIDR in your oper block, tell Unreal to use your SSL cert as your password. You would ofcourse need to generate your own keys, but here is how to configure it: password "path/to/cert.pem" { sslclientcert; }; When done with that, simply /oper <Your_Login> <anything_you_want_to_put_here> |
|
|
I'm not relying on them for security. but I want to be able to have someone who can be on 12.199.54.36 or 12.205.109.67 (and any numbers of IPs in btwn, and that list isn't the only) without having to have so many bloody entries, or do 12.*.*.*. ISPs IP blocks are allocated with CIDR. Users use ISPs. It seems logical. SSL certs are nice, but are no easier to maintain than keeping opers with passes they can't lose. Nor can I find in www.mirc.co.uk/ssl how to use SSL certs. True, I don't use mIRC, but most users do. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-08-26 18:27 | Stealth | New Issue | |
| 2006-02-05 01:42 | tabrisnet | Note Added: 0011140 | |
| 2006-02-07 21:53 | Stealth | Note Added: 0011165 | |
| 2006-02-07 21:55 | Stealth | Note Edited: 0011165 | |
| 2006-02-07 21:56 | Stealth | Note Edited: 0011165 | |
| 2006-02-07 23:03 | tabrisnet | Note Added: 0011168 | |
| 2007-04-16 10:02 |
|
Relationship added | related to 0003234 |
| 2007-04-16 10:02 |
|
Relationship replaced | duplicate of 0003234 |
| 2007-04-16 10:03 |
|
Status | new => closed |
| 2007-04-16 10:03 |
|
Resolution | open => duplicate |
