Subj : Web access, false BBS ID
To   : Andy Ball
From : Michel Samson
Date : Wed Oct 27 2004 11:00 pm

Hi Andy,

    About "Web BBS" of October 27:

BG> Are there any web-access BBSs, other than EleWeb...
MS> Take a peek into the `FdN_SysOp.Rights' echo...  ...October 13...
MS> ...the obvious lack of security is what i'd call a deterrent, in
MS> favour of plain old DialUp/~TelNet~ BBSing, i mean...
AB> How is this any more secure than an unencrypted HTTP connection?
MS> ...BBSers like me who don't know how to steal PassWords do have a
MS> way to steal identities!  We're in perfect agreement over ~SSH~,
MS> not the removal of ~TelNet~.       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AB> It was bound to happen, eventually.

    I guess this event can be classified according to the laws of chaos
but other natural laws will predict that all good things come to an end!

                                 %-)

JW> What's the hole?  I don't see it.  ...that's nothing new...
AB> Sysops seem pretty thin on the ground these days...

    Considering the apparent lack of concern from authors/SysOps on whom
the BBSers depended for their SoftWare when the whole BBS community went
thru the ~TelNet~ transition, euh...  relatively to a most basic feature
of DialUp BBSing (file-transfer!), euh...  Pardon my negativism but it's
not tempting to leave such people too much ground so that this adventure
is repeated in the same exclusive fashion again!  Important things which
~WEB~ BBSes must address first are treated last, it seems;  that's how a
stranger's name replaced mine!  It never happened when using ~TelNet~...

                                 %-o

MS> If I were to set up a BBS with Internet access, SSH is probably the
MS> approach that I would take.  Web-based BBS have their place too.

    I'd make the UpGrade Path INCLUSIVE.  I'm thinking of a scheme like
~POP3~ before ~SMTP~ but with a twist;  i'd keep ~TelNet~ but require my
LEGACY users to validate using ~SSH~ and then grant ~TelNet~ access only
after the ~IP~ address is approved...  I can live with innovations since
~TelNet~ can be secure enough if combined with ~SSH~/~HTTPS~ and i might
even imagine other ways to adapt plain old ~TelNet~ sessions without any
newer protocols (via additional security macros/utilities, perhaps?)...

                                 %^)

AB> Telnet clients are ubiquitous, the fact that they come as standard
AB> equipment with most operating system software, and are available for
AB> more besides (including DOS) counts in favour of telnet.

    Now that we begin to get ~TelNet~ clients with decent file-transfer
support (after years of waiting) let's enjoy what's here, i would say!...

                                  :)

AB> Whether to allow the use of an insecure protocol to access the BBS
AB> is ultimately the sysop's decision.

    And a BBSer's choice, as well.  I'm a relatively young BBSer but it
isn't acceptable to have multiple identities (nor aliases) on `FidoNet';
i'd know what MY option is should the matter become a major problem!  My
previous reply followed this logic, in a way:  we always have the option
of informing the authors/SysOps about security issues we come to notice.

                                   Salutations,  :)

                                   Michel Samson
                                   a/s Bicephale
                                   http://public.sogetel.net/bicephale/


... `MS-DOS v7.10a'+`LSPPP v0.8'+`RLFossil v1.23'+`MS-Kermit v3.15 Med.'
___ MultiMail/MS-DOS v0.45 - Numbers make BBSing UNIVERSAL, not sugar...
--- Maximus/2 3.01
* Origin: COMM Port OS/2 juge.com 204.89.247.1 (281) 980-9671 (1:106/2000)
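
The "validate using SSH, then grant TelNet access only after the IP address is approved" scheme from the message, sketched as an added example (not part of the original message and not code from any BBS package). The class name, the 15-minute window and the two hook methods are assumptions made for illustration.

```python
import ipaddress
import time

class SshBeforeTelnetGate:
    """Approve a Telnet source address only after an SSH login from it."""

    def __init__(self, window_seconds=900, clock=time.monotonic):
        self.window = window_seconds      # assumed 15-minute approval window
        self.clock = clock                # injectable so expiry can be tested
        self._approved = {}               # normalized IP -> (user, expiry)

    @staticmethod
    def _normalize(ip):
        addr = ipaddress.ip_address(ip)
        # Treat ::ffff:a.b.c.d the same as a.b.c.d so dual-stack listeners agree.
        mapped = getattr(addr, "ipv4_mapped", None)
        return str(mapped or addr)

    def record_ssh_login(self, user, ip):
        """Hypothetical hook: call after a successful SSH authentication."""
        key = self._normalize(ip)
        holder = self._approved.get(key)
        if holder and holder[0] != user and holder[1] > self.clock():
            # Two accounts behind one address (NAT, shared host): refuse
            # rather than guess whose Telnet session it will be.
            raise PermissionError("address already approved for another user")
        self._approved[key] = (user, self.clock() + self.window)

    def admit_telnet(self, ip):
        """Hypothetical hook: return the bound user, or None to refuse."""
        try:
            key = self._normalize(ip)
        except ValueError:
            return None                   # malformed address: refuse
        entry = self._approved.get(key)
        if entry is None:
            return None                   # no prior SSH validation
        user, expiry = entry
        if self.clock() >= expiry:
            del self._approved[key]       # stale approval: require SSH again
            return None
        return user
```

The approval only ties a source address to an SSH-authenticated account for a limited time; the Telnet session that follows is still cleartext on the wire.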