Subj : Re: src/sbbs3/rechocfg.c To : Bill Mcgarrity From : Digital Man Date : Sat May 28 2016 10:16:00 Re: Re: src/sbbs3/rechocfg.c sbbsecho.c sbbsecho.h By: Bill McGarrity to Digital Man on Tue May 10 2016 12:22 am > -=> Digital Man wrote to Bill McGarrity <=- > > DM> Re: src/sbbs3/rechocfg.c sbbsecho.c sbbsecho.h > DM> By: Bill McGarrity to rswindell on Mon May 09 2016 12:48 pm > > > Re: src/sbbs3/rechocfg.c sbbsecho.c sbbsecho.h > > By: rswindell to CVS commit on Mon May 09 2016 02:28:44 > > > Hiya Rob... > > > rs> Modified Files: rechocfg.c sbbsecho.c sbbsecho.h Log > > rs> Message: Introduced sbbsecho.ini advanced setting (not yet exposed > > rs> in > > rs> echocfg): StrictPacketPasswords (default is "true"). If you want > > rs> SBBSecho v3 to behave like SBBSecho v2 with regards to packet > > rs> passwords for linked-nodes with *no* configured packet password, set > > rs> this value to "true" in your sbbsecho.ini file. I don't recommend > > rs> doing this if you care about the "security" of your echomail, but > > rs> some sysops have been bitten by the strict enforcement of the > > rs> configured password in SBBSecho v3. > > > Just so I get this straight... if we want to accept the new feature in > > sbbsecho for strict pkt passwords protection then toggle this to "false". > > Correct?? > > DM> No, strict is the default behavior of SBBSecho v3. It was the *only* > DM> behavior of SBBSecho v3 before this morning, but apparently there's > DM> some confused FidoNet sysops out there sending out password-protected > DM> packets and not realizing it. So this little option will allow you to > DM> use the old, less-secure, SBBSecho v2 method of password packet > DM> validation: > > DM> If StrictPacketPasswords = true (the default), then the password in the > DM> packet must match whatever you (the receiving end) has configured in > DM> your sbbsecho.ini for the linked node. Just as it was in the initial > DM> SBBSecho v3 commits to CVS. > > DM> If StrictPacketPasswords = false, then the password in the packet is > DM> only compared if the linked node has a password set in your (the > DM> receiving end's) sbbsecho.ini file. I don't recommend using this mode > DM> if you care about echomail security. > > Thank you for the clarification. When I first read your explanation above > it seemed it was reverse logic. I just wanted to make sure before I > processed it. Yes, I mistyped my CVS commit message. That should have said: Introduced sbbsecho.ini advanced setting (not yet exposed in echocfg): StrictPacketPasswords (default is "true"). If you want SBBSecho v3 to behave like SBBSecho v2 with regards to packet passwords for linked-nodes with *no* configured packet password, set this value to "false" in your sbbsecho.ini file. I didn't catch that until just re-reading in your quoted text. Oops. digital man Synchronet "Real Fact" #60: How to get Synchronet technical support: http://wiki.synchro.net/howto:support Norco, CA WX: 55.3øF, 87.0% humidity, 0 mph SSE wind, 0.00 inches rain/24hrs --- þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net þ wcQWK 7.0 ÷ ILink * Omicron Theta * Southaven MS * winserver.org --- QScan/PCB v1.20a / 01-0462 * Origin: ILink: CFBBS | cfbbs.no-ip.com | 856-933-7096 (454:1/1) .