Re: [dev] [ii] exposed password on process monitoring from Ivan Kanakarakis on 2012-04-19 (dev mail list archive)

From: Ivan Kanakarakis <ivan.kanak_AT_gmail.com>
Date: Thu, 19 Apr 2012 21:05:07 +0300

On 19 April 2012 19:48, Connor Lane Smith <cls_AT_lubutu.com> wrote:

> Hey,
>
> On 19 April 2012 17:34, Truls Becken <truls.becken_AT_gmail.com> wrote:
> > $ ii &
> > $ cat ~/irc/freenode_login_script > ~/irc/irc.freenode.net/in
> >
>

I suppose freenode_login_script is something like

  /j nickserv identify mypasswd
  /j #channel-foo
  /j #channel-bar

this works, but one must cat the file within the time limits
(freenode gives 30secs to auth before changing your nick)
getting that in a wrapper script that would start ii and then
wait and identify and join channels would solve that.

> > No need for the program to implement password support at all really.
>
> 'ii -k' sends the server a PASS message, which must be done before
> NICK or USER. This is unrelated to nickserv etc.
>
>
what's the difference between PASS and identify ?
both are used to register the user to the server.
afaict PASS is sent by the client before the nick/user is set
so when the user connects he's already registered.
afaik irssi doesnt do that, but provides "-autosendcmd"

I think PASS is good, having it removed wouldn't really gain
us much, nothing important in terms of loc and would have
to replace that functionality, that the irc protocol provides
with a delayed "/j nickserv identify ..." message.
which one is cleaner ?

http://tools.ietf.org/html/draft-kalt-irc-client-02#section-3.1.1 (client)
http://tools.ietf.org/html/draft-kalt-irc-server-01#section-4.1.1 (server)

> On 19 April 2012 17:24, Ivan Kanakarakis <ivan.kanak_AT_gmail.com> wrote:
> > I was thinking in having -k with no argument to go search for a file
> > like oftc.passwd and grab the password from there.
>
> How about making 'ii -k -' read the password from stdin? Flags with
> optional arguments are bad, imo.
>
>
I'm fine with that. that way one can have a strong passwd and
generate it on the fly, and pass it to ii, like:

  $ echo "a.simple.secret.phrase" | base64 | ii -k -

and you can hide that from the shell history too
hmmm mm

cls
>
>

-- 
*Ivan c00kiemon5ter V Kanakarakis *

Received on Thu Apr 19 2012 - 20:05:07 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 19 2012 - 20:12:05 CEST