[gentoo-dev] finger@gentoo.org

[gentoo-dev] finger@gentoo.org

[Benjamin Coles]

Considering that this topic was brought up before and it had some
security problems aka user names could be guessed from it, I would
propose setting up a hacked version of finger which originally pulls
data from multiple sources to pull it from a .xml file. I'm sure we
could put at the top: Even though this user is a gentoo developer, it
does not mean he is a user of this server. If anyone were to try to hack
it with login names in the list it could be blocked indefinately from
that host to ever access the server again because not everyone in that
list has access to web servers and such.

Thanks,
Benjamin Coles
Gentoo Infrastructure


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] finger@gentoo.org

[Aron Griffis]

[-- Attachment #1: Type: text/plain, Size: 254 bytes --]

Benjamin Coles wrote:	[Wed Oct 01 2003, 01:33:49PM EDT]
> I would propose setting up a hacked version of finger which originally
> pulls data from multiple sources to pull it from a .xml file.

I'm very much in favor of this, as I'm sure Tavis is.

Aron

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] finger@gentoo.org

[Spider]

[-- Attachment #1: Type: text/plain, Size: 543 bytes --]

begin  quote
On Wed, 01 Oct 2003 10:33:49 -0700
Benjamin Coles <sj7trunks@gentoo.org> wrote:

> Considering that this topic was brought up before and it had some
> security problems aka user names could be guessed from it, I would
> propose setting up a hacked version of finger which originally pulls
> data from multiple sources to pull it from a .xml file. 

Sounds good for me.  

//Spider



-- 
begin  .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]