Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: perlmonkscb: An AIM / CB gateway.

by insensate (Hermit)
on Mar 12, 2003 at 03:00 UTC ( #242236=note: print w/ replies, xml ) Need Help??


in reply to perlmonkscb: An AIM / CB gateway.

I love this bot...it makes keeping up with the chatter while at work a lot more practical. However, I've only used it to lurk. If there was a way to authenticate without sending my password through an intermediary I'd be more prone to use it to post to the cb...I'm not implying any bad intentions on theorbtwo's behalf, but given the insecure transmission on the aol toc protocol and the relative ease of logging all text submitted to an aol bot serverside it does present a security risk. Any thoughts on this?

Jason


Comment on Re: perlmonkscb: An AIM / CB gateway.
Re: Re: perlmonkscb: An AIM / CB gateway.
by theorbtwo (Prior) on Mar 12, 2003 at 09:14 UTC

    Unfornatly, no, there's not really a way to make this better. The issue is that not only do I need to verify that you're who you say you are, I need to be able to verify that I have authorization to post things to the chatterbox as you to the PM server. That means I need your cookie. I could provide an interface to allow you to provide your cookie directly, rather then your password, but that has several problems. First off, it's not all that easy for many people to find their cookie. Mozilla makes it decently easy, but AFAIK it's the only one. Secondly, it isn't really any more secure. It's just as easy to hijack your PM account with a cookie as with a password, and it's not difficult to get the password out of the cookie. (This can easily be construed as a bug in perlmonks.) I was going to say thirdly, it's more difficult for me to verify, but then I realized that I was wrong.

    BTW, OSCAR isn't any more secure then TOC. In fact, it may be /less/ secure, since running strings on an OSCAR stream will cut out almost all of the noise, leaving only the data you want, whereas it will leave a TOC stream almost unchanged. (The exception to that is your AIM password, but that's not what we're talking about here.)


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re^2: perlmonkscb: An AIM / CB gateway.
by Aristotle (Chancellor) on Mar 15, 2003 at 11:34 UTC
    There was talk among pmdev to one day introduce a separate password for users which only authorizes them for the chatterbox. It's not likely to happen anytime soon however, and until then, there's no way short of providing your password to the third party to log in to Perlmonks using external services.

    Makeshifts last the longest.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://242236]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2014-08-02 08:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Who would be the most fun to work for?















    Results (55 votes), past polls