From: Eric S. Raymond Date: Mon, 8 Oct 2012 14:59:30 +0000 (-0400) Subject: Password support could be done by passing the credential every time. X-Git-Tag: 1.9~2 X-Git-Url: http://git.tremily.us/gitweb.cgi?a=commitdiff_plain;h=2dbf48e95c8015cd0f7d82acd131c7d6b001a7dd;p=irker.git Password support could be done by passing the credential every time. --- diff --git a/security.txt b/security.txt index 62bcee5..4bee577 100644 --- a/security.txt +++ b/security.txt @@ -233,21 +233,6 @@ project. The only other competitor to replace CIA known to us In the general case we cannot guarantee this property against groups A and F. -== Why there is no support for passworded channels == - -We've had support for password authentication to IRC requested, but it -would be a rather bad fit for irkerd’s usage pattern. The problem -isn’t that credentials would be difficult to pass to irkerd – an -optional password field wiuld ve easily enough added to the JSON. - -No, the problem is that once irkerd were to acquire such a credential, -it would have to do source-address IP checking to know (at a minimum) -whether the source host of any given notification request is the same -as one that has presented the password. - -It seems best not gong to go there; the potential for IRC access controls -becoming leaky seems too high. - == Risks relative to centralized services == irker and irkerhook.py were written as a replacement for the