Opened 11 years ago

Last modified 10 years ago

#46 new enhancement

Support hiding groups in nnrpd

Reported by: eagle Owned by: eagle
Priority: low Milestone:
Component: nnrpd Version:
Severity: wishlist Keywords:
Cc:

Description

Currently, groups that exist but that one isn't allowed to read receive different error codes (480 or 502) than groups that don't exist (411). This lets users probe for the existence of groups, which may be an information leak.

Add support for a hide: key in readers.conf listing a wildmat of groups for which nnrpd will pretend complete non-existence, returning 411 instead of 480/502. This lets news administrators hide groups at the cost of clients not knowing when to do reactive authentication for them.

Change History (1)

comment:1 Changed 10 years ago by Julien ÉLIE

These groups will have to be hidden from GROUP/LISTGROUP, LIST responses, XGTITLE and NEWGROUPS.

Note: See TracTickets for help on using tickets.