[tpop3d-discuss] New features ?

Chris Lightfoot chris at ex-parrot.com
Tue, 3 Dec 2002 09:35:36 +0000

On Mon, Dec 02, 2002 at 10:17:55PM +0100, Yann GROSSEL wrote:
> We have a few really clueless users. I remember spending very long time
> with users on the phone trying to make them enter the right password in
> their outlook configuration. After minutes I started to dump the users
> POP requests using tcpdump and I soon discovered that they have entered
> about ten times their password one after the other. They didn't thought
> to use the backspace key between their tries because the first '******'
> of the password had scrolled out of sight in the password field... With
> the dump I was able to immediately spot what the users were doing wrong.

Heh. That's a good example. I don't have a good answer to
that one.

> This is just an example. I think there is unfortunately more than a few
> 'typical' problems that can be automatically detected by tpop3d and
> announced in the logs...
> But I agree with Chris about the fact that logging wrong passwords may
> reveal passwords for some other service. Perhaps the solution would be
> to activate password logging only for a specific login and during a few
> minutes only, when the user is calling the hot line ?

Hmm.... I think I'll mention that the easiest way to
implement this is to remove the special case in
connection.c where passwords aren't logged, and then duck
out of this debate....

``I had one [good seventh grade teacher]. Smart, witty, excellent
  communicator, young, and beautiful. Naturally, she fell over
  dead in class from a brain haemorrhage.'' (seen on the internet)