[Dxspider-support] Discussion set/register set/password

Luigi Carlotto, IK5ZUK ik5zuk at tiscali.it
Sun Oct 25 14:54:07 GMT 2009 

Hi Wolfram, hi all.
I'm totally agree with you, Wolfram.

In order to discourage any improper use, at my cluster I've enabled the 
registration (set/var $main::regreq = 1) and for any registered call 
I've set (manually) a password. This is the better way, IMHO, because my 
node is open for everybody via internet in "passive" mode, and to become 
active is needed the registration by the sysop and a password.

It should be nice to share the password database using a new PC protocol 
sting, but this solution hasn't an high level security.
Another solution may be to have a remote password database, stored in 
one (two or three for redundancy) server reachable via internet, so that 
spider can aks/verify to those servers the password for the user's 
connection... but in this way if the servers are not reachable, the 
cluster network became unopened to any connection.

Another problem to this question, is that today we can see in our 
network some spider nodes still running a very old release... and it is 
very important that all nodes, with no exceptions, runs a new release 
and with the same policy !

Here in Italy we have a Yahoo! group 
(http://groups.yahoo.com/group/retedxcitalia) in order to coordinate the 
  job for all the italian sysops, but I must admit that we have 
discussed this problem some times and since today we haven't obtained a 
single policy to apply to our cluster nodes, due to diverging 
opinions... And we are only a little number in comparison to the total 
cluster nodes spreaded across the world !

Dirk, please, could you tell us your opinion ?!?

73 de Luigi, ik5zuk

> Hello
> 
> at the last time are more and more "black-user" (improper use) in the
> cluster-net with any spam and false spots...
> Badspotter, badwords or badnodes are a posssibility. But the calls are
> imaginative or they use simple a existing call....
> 
> The problem is that the clusternet via internet is open for everybody and
> nobody    have control for the calls. I dont want to deny the access for the
> user to read the spots - but there has to be a simple control for the spotter.
> 
> set/password is no the solution. You get a question for the password and if
> you have not set a password you can log in with "ENTER" and have all
> functions. If you set a password it is local to this cluster and there are
> still about 400 cluster without password for you (better - or worse - for the
> blacks..)
> (a possibility can be - forwarding for the passwords - the most clusters are
> dxspider - is it possible to do it  Dirk?)
> 
> With "register on" it is possible to read all clusterinformation. No spots and
> no ann are possible to send. Only send a mail to sysop....
> 
> I have now set at db0erf-5:
> 
> set/var $main::regreq = 1
> set/var $main::passwdreq = 1
> 
> I think if more (best all) sysop take these regulations we have less trouble....
> 
> 73 from Erfurt de Wolfram DL3AMi

More information about the Dxspider-support mailing list