2002-05-17 14:50:20, skrev Cosmin Marcu <[EMAIL PROTECTED]>:
>Hello.
>
>Almost everybody knows that if you have sufficient
>access in a channel to set a ban through X and you set
>that ban on *!*@*.* X will kick all users from that
>channel. You need access level >= ban level to remove
>it. The problem is that the username's password can be
>stolen.
As you login you will, as you already know, be notified on NEVER to give out
your password.
Those who does it, doesn't really pay attention to what the undernet cs has to say
about username/channel security.
There has been added MAXLOGINS, wich I, and probably many others, look at as enough
security.
>So, with a stolen password and sufficient
>access you can kick out an entire channel. This
>sucks...
>My proposal is to add a new channel setting (level
>500). For example FULLBAN (OFF or ON) which allow (or
>not) users to set bans on *.* . I guess is a good
>ideea... 10x & please excuse my english.
You can do a lot of damage, if you have someone elses usernames. This is a fact that
sucks, indeed, but as said earlier, there is honestly enough security
for this.
:::::::::::::
/Snatcher
