Security

From The DXSpider Documentation Wiki
Jump to navigation Jump to search

Security

From version 1.49 DXSpider has some additional security features. These are not by any means meant to be exhaustive, however they do afford some security against piracy. These two new features can be used independently of each other or in concert to tighten the security.

Registration

The basic principle of registration is simple. If a user is not registered by the sysop, then they have read-only access to the cluster. The only thing they can actually send is a talk or a message to the sysop. In order for them to be able to spot, send announces or talks etc the sysop must register them with the set/register command, like this ...

set/register g0vgs

The user g0vgs can now fully use the cluster. In order to enable registration, you can issue the command ...

set/var $main::reqreg = 1

Any users that are not registered will now see the motd_nor file rather than the motd file as discussed in the Information, files and useful programs section.

Entering this line at the prompt will only last for the time the cluster is running of course and would not be present on a restart. To make the change permanent, add the above line to /spider/scripts/startup. To read more on the startup file, see the section on Information, files and useful programs.

To unregister a user use unset/register and to show the list of registered users, use the command show/register.

Passwords

At the moment, passwords only affect users who login to a DXSpider cluster node via telnet. If a user requires a password, they can either set it themselves or have the sysop enter it for them by using the set/password command. Any users who already have passwords, such as remote sysops, will be asked for their passwords automatically by the cluster. Using passwords in this way means that the user has a choice on whether to have a password or not. To force the use of passwords at login, issue the command ...

set/var $main::passwdreq = 1

at the cluster prompt. This can also be added to the /spider/scripts/startup file as above to make the change permanent.

Of course, if you do this you will have to assign a password for each of your users. If you were asking them to register, it is anticipated that you would ask them to send you a message both to ask to be registered and to give you the password they wish to use.

Should a user forget their password, it can be reset by the sysop by first removing the existing password and then setting a new one like so ...

unset/password g0vgs
set/password g0vgs new_password