[Dxspider-support] Discussion set/register set/password
Luigi Carlotto, IK5ZUK
ik5zuk at tiscali.it
Sun Oct 25 14:54:07 GMT 2009
Hi Wolfram, hi all.
I'm totally agree with you, Wolfram.
In order to discourage any improper use, at my cluster I've enabled the
registration (set/var $main::regreq = 1) and for any registered call
I've set (manually) a password. This is the better way, IMHO, because my
node is open for everybody via internet in "passive" mode, and to become
active is needed the registration by the sysop and a password.
It should be nice to share the password database using a new PC protocol
sting, but this solution hasn't an high level security.
Another solution may be to have a remote password database, stored in
one (two or three for redundancy) server reachable via internet, so that
spider can aks/verify to those servers the password for the user's
connection... but in this way if the servers are not reachable, the
cluster network became unopened to any connection.
Another problem to this question, is that today we can see in our
network some spider nodes still running a very old release... and it is
very important that all nodes, with no exceptions, runs a new release
and with the same policy !
Here in Italy we have a Yahoo! group
(http://groups.yahoo.com/group/retedxcitalia) in order to coordinate the
job for all the italian sysops, but I must admit that we have
discussed this problem some times and since today we haven't obtained a
single policy to apply to our cluster nodes, due to diverging
opinions... And we are only a little number in comparison to the total
cluster nodes spreaded across the world !
Dirk, please, could you tell us your opinion ?!?
73 de Luigi, ik5zuk
> Hello
>
> at the last time are more and more "black-user" (improper use) in the
> cluster-net with any spam and false spots...
> Badspotter, badwords or badnodes are a posssibility. But the calls are
> imaginative or they use simple a existing call....
>
> The problem is that the clusternet via internet is open for everybody and
> nobody have control for the calls. I dont want to deny the access for the
> user to read the spots - but there has to be a simple control for the spotter.
>
> set/password is no the solution. You get a question for the password and if
> you have not set a password you can log in with "ENTER" and have all
> functions. If you set a password it is local to this cluster and there are
> still about 400 cluster without password for you (better - or worse - for the
> blacks..)
> (a possibility can be - forwarding for the passwords - the most clusters are
> dxspider - is it possible to do it Dirk?)
>
> With "register on" it is possible to read all clusterinformation. No spots and
> no ann are possible to send. Only send a mail to sysop....
>
> I have now set at db0erf-5:
>
> set/var $main::regreq = 1
> set/var $main::passwdreq = 1
>
> I think if more (best all) sysop take these regulations we have less trouble....
>
> 73 from Erfurt de Wolfram DL3AMi
More information about the Dxspider-support
mailing list