[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gomd-devel] Authentication follow-up
From: |
rbaardman |
Subject: |
Re: [gomd-devel] Authentication follow-up |
Date: |
Sun, 28 Sep 2003 21:27:33 +0200 |
User-agent: |
Internet Messaging Program (IMP) 3.1 |
> Some words about the encryption issue.
>
> Of course, as gomd is growing up, we need to implement a good security
> level.
> Encryption is just one of the thing needed.
Exactly :)
> As gomd can be contacted also by telnet clients, encryption cannot be
> used.
> So we've to distinguish amongst the clients.
Yes. I totally agree
> My idea is to provide a seclevel-by-client mechanism.
> - if gomd is contacted by a client using encryption, gomd will speak with
> encryption => all permissions granted
I think not. If for example a user (not admin) logs in using SSL he should
not be able to do all kinds of stuff.
> - if gomd is contacted by a client _not_ using encryption, gomd will speak
> without encryption => ACL+strict security mode enabled.
My idear is to make the key concept users. SSL users will be able to login
and non-SSL users will be something like user "nobody" by default.
> This stuff will be implemented after the first beta release.
ok, I'll be patient
--
_____________________________________________________________________
Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband