0

This has been bugging me for a while. I have this ircbot that I run, and I have some commands that require to be locked down from all users other than myself (and a couple of other computers/users.)

Previously, I had it so then it would store a list of nicks in a database that would be allowed to access the administrator-only functions, however this proved to be insecure because any user could assume my nick if I disconnected and access these functions.

One method that I was thinking about was to have a module with methods for handling the 'login' and 'logout' functions (as well as storing the logged-in nicks), although that too could be troublesome. (See the nick change problem.)

What would be a robust and secure way of going about having 'admin-only' functions? Assume that I currently have no way to use DCC.

Mark
  • 317
  • 1
  • 3
  • 17

1 Answers1

1

Use the userhost part of the PRIVMSG, thats what i do. I use A User class that has a attribute userhosts which is a list of userhosts that match to the certain user. My code is python though but the same principle should apply ;]

See http://code.google.com/p/jsonbot/source/browse/jsb/lib/users.py if you want to see my version.

jsonbot
  • 28
  • 3
  • I see, it makes sense, and of course it would be worth tracking nick changes and quits as well. The only thing that I am still wracking my brain around about is how to use such an admin class in multiple classes that are required (and include a base 'plugin' class)? – Mark Aug 05 '11 at 19:34