This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
help!
help!
I am a little confused on the OP'ing of users via my eggdrop bot. Right now I give my channel OPs flags "foa" and also add their hostmask. Is this a safe way to OP my users or should I have my OPs supply a password to the bot to OP them.
-
gumbydammit
- Master
- Posts: 311
- Joined: Thu Sep 05, 2002 4:52 pm
- Location: Canada
- Contact:
Typically Users are added via the bots and then at that moment when the user is present upon addition they send a password to the bots to set. The users can then request their ops from the bot (Typical User flags of fgov) Some channels utilize special mirc scripting that has their users request ops securely from scripting that Verifies the bots name and host (to aid in them not sending their pass to a Mirc (very bad)) Or if your bots names are unique and no one else would want them. But in general AutoOp Flag is a VERY Bad Idea.
why?
Ok, why is the auto-op flag bad? I have read several places where they say it is bad also, but they fail to go into detail about it. If you give them the +a flag with their hostmask, how can anyone duplicate it? I feel by using the password routine, you are giving the user a chance to mess around with your bot. no so if you do the +a flag.
the auto op flag is bad because a person only needs to match the hostmask of an already added user. no other authentication needed.
this means that any users you have added with dynamic hosts are VERY insecure.
with only the o flag, people will have to match the hostmask, and supply a correct password.
using the password routine will not let anyone mess around with your bot. infact, they can set a password on your bots right now, with the foa flags.
if you dont want people on your partyline, edit your .conf like so:
set require-p 1
users can set a pass and op up like this:
/msg bot pass their-password
/msg bot op their-password
to remove the autoop flag:
.chattr handle -a <#chan>
this means that any users you have added with dynamic hosts are VERY insecure.
with only the o flag, people will have to match the hostmask, and supply a correct password.
using the password routine will not let anyone mess around with your bot. infact, they can set a password on your bots right now, with the foa flags.
if you dont want people on your partyline, edit your .conf like so:
set require-p 1
users can set a pass and op up like this:
/msg bot pass their-password
/msg bot op their-password
to remove the autoop flag:
.chattr handle -a <#chan>
photon?
...
Ok, you have convinced me. I'll go back to the password routine. I was using it before, but it would never OP the OP's in my channel. I think the reason was because I never added the users hostmask to their user record in the bots. Thanks for all who replied.