======>>> haliphax, 1:2800/18 wrote:

Originally to: Jon Watson

JW> What's the hole? I don't see it. If you're referring to the ability for a 
JW> person to use another person's name on another node, that's nothing new or
JW> specific to web bbses....

wow. that is quite a security flaw. isn't that something that can be easily
fixed? apparently, it happened by accident in this case (in michael's case)..

i know it's not that hard to do in php, anyway.

-todd

|07     --haliphax |15//|07rMRS
|02      cotm.dyndns.org
|07       vanguard mods


<<<====== end quote


See, I must be misunderstanding. Here's what I'm talking about:

I have an account on BBS A as Jon Watson. I'm a mean-spirited bastard, so I
go to BBS B and create a new account under your name. Now any messages I
post from BBS B appear to come from you and unless someone is cognizant
enough to notice that your node number has changed, you would get blamed
for everything I post.

This isn't a security issue per se; it's an artifact of running individual,
unconnected systems.

Surely we're talking about two different things, no?

Jon

-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-



--- Internet Rex 2.29