in this mail I'd like to elaborate on a few issues about registering
users in a database. The why, how and what:
WHY?
----
A large problem of IRC is that people who abuse the network cannot be
effectively punished. An abuser that is K:lined from his server can
easily find another server that still allows access, he can change his
username if he doesn't run Unix and isn't root, and his hostname can
change if he is using dynamic IP. The only method that is available to
IRC operators is a domain-wide K:line, victimizing dozens if not
hundreds of other, (innocent) users.
This problem can be solved by carefully giving access to users. In
WWCP this is accomplished by assigning each user a network-wide unique
identifier of 32 bits. This limits the number of users to 4.2 billion,
little less than one earth population. Without a registered ID, users
have limited access. In which way this access is limited, is still an
open issue.
HOW?
----
When a user connects that isn't registered, he will receive a message
from the server in the form (level 3) (*)
850 You are not registered.
Note that the text is subject to change, and perhaps the numeric also.
For level 2 clients, the syntax is as a "standard" parameter-less numeric.
(*) NOTE: this is for the ascii version of the protocol. When the protocol
is stable, a binary version will be created. This binary version will use
a binary coding of all numerics, commands etcetera. Clients can indicate
in their "IAM" message if they wish to use the binary or the ascii version.
The user may register by sending a message
REG <e-mail address> <real name>
to the server. The server will send a password and the user ID to the
e-mail address by mail, thus ensuring that the e-mail address is not
fake. This address can be used to positively identify the RL person by
inquiring the user's provider, in case of serious (illegal) abuse.
The user has to enter the password and the ID in his client program,
which may store them on disk. The password and the ID have to be used
in the "IAM" message (which is sent right after the TCP/IP connection
with the server has been established) for identification purposes.
To make the registration effective, the user will have to reconnect.
Perhaps another message can be "invented" for this. Resending the "IAM"
message will confuse the server's network layer, and is not clean.
Note that ideas exist to provide "invisible" connect/reconnects so
that a server that will shut down may instruct the client program to
reconnect to a secondary server. A backlog of missed messages on a
channel is available (level 3 clients only) so that the client may
reconnect without visible interruption of the conversation.
Also note that most of these algorithms aren't implemented yet. So, this
is your chance to scream of sheer disagreement if you dislike the
protocol so far! Grab yer chance and mail me your comments.
Happy coding,
Grit