View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003445 | unreal | module api | public | 2007-07-15 07:34 | 2009-07-24 01:09 |
| Reporter | KlaasT | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | open | ||
| Platform | amd64 | OS | Linux | OS Version | 2.6 |
| Product Version | 4.0-devel | ||||
| Summary | 0003445: [Unreal4] Ability to specify servers where a person can oper up with an account | ||||
| Description | On the Inspircd Website I've seen a module where it is possible to store the oper accounts inside a mysql database. This could be useful if someone wants to create an oper account list which can be edited via a webinterface or something. However I think there should be the possibility to enter in this database for which server the oper account is for example if server="*" then it is a global oper for all servers but when server="xy.server.com" then the account only works on server xy. I hope you can understand my total weirdness. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
| child of | 0003417 | closed | TODO list for Unreal4.0 |
|
|
I see what you mean. It'd be neat to be able to connect to any server on a network and be able to oper up (if that is allowed in your O:line) and use it. This would help bigger nets but also could pose a security threat. Ex. Netadmin A owns Server A, Netadmin B owns server B Now lets assume they arent using anope or any services with a noop option. Now say Netadmin A logs onto Server B and opers up. He gets the idea to run a /addline command or some other command and Netadmin B doesnt want that kind of access on his server given to opers from other servers. Maybe we could implement a set option for remote O:lines which restricts certain operflags. So you cant use X operflag from an O:line which exists on a linked server. This would help prevent any abuse which could arise from the ability to oper up on a server with an O:line from another linked server on that network Also we could include a Disable remote opers option too, or just set Deny Remote Oper flags to '*' or something like that. As for a mysql oper database, that might be vulnerable as well. look at all the mysql injection attacks going around!~ |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-07-15 07:34 | KlaasT | New Issue | |
| 2007-07-15 21:59 | aquanight | Relationship added | child of 0003417 |
| 2007-07-17 04:27 |
|
Status | new => acknowledged |
| 2007-07-23 09:33 |
|
Status | acknowledged => confirmed |
| 2008-07-13 13:08 | Pachy | Note Added: 0015319 | |
| 2008-07-13 13:09 | Pachy | Note Edited: 0015319 | |
| 2009-07-24 01:09 | Stealth | Status | confirmed => closed |
| 2017-01-06 15:48 | syzop | Category | module => module api |
