[hybrid] Searching for current m_cgiirc.c or other recommended way to let qwebirc set end user IPs on connections

ADFH adfh_ircdh at hogan.id.au
Sun Nov 14 02:06:39 EST 2010


Hi Gavin,

Fair enough call with respect to static password.

The module I found seems to have been written for an earlier version of
ircd-hybrid - do you know of a more recent version that'll compile with
the current codebase?

End result is I basically don't want every web user appearing with the
webserver's host details in a way that'll still allow normal ban/whois
etc. info

On Sat, 13 Nov 2010 19:48:45 -0700
Gavin Hanover <gavin at subnets.org> wrote:

> I'm not aware of any version without hardcoded passwords, and things
> haven't changed much since 2002. If I recall the inner workings
> correctly, cgiirc clients that get spoofed as the users host (rather
> than the webserver's host) basically use whatever value the webserver
> passes for the host to spoof as. Because of this, connection classes
> that work with the cgiirc module should be limited to webservers you
> explicitly trust (ie - don't leave it open to everyone). This is
> probably why hardcoded passwords (used only in the web application
> config, not by the user) have not been an issue.

-- 
ADFH <adfh_ircdh at hogan.id.au>



More information about the hybrid mailing list