Opened 15 years ago
Last modified 14 years ago
#46 new enhancement
Support hiding groups in nnrpd
| Reported by: | eagle | Owned by: | eagle |
|---|---|---|---|
| Priority: | low | Milestone: | |
| Component: | nnrpd | Version: | |
| Severity: | wishlist | Keywords: | |
| Cc: |
Description
Currently, groups that exist but that one isn't allowed to read receive different error codes (480 or 502) than groups that don't exist (411). This lets users probe for the existence of groups, which may be an information leak.
Add support for a hide: key in readers.conf listing a wildmat of groups for which nnrpd will pretend complete non-existence, returning 411 instead of 480/502. This lets news administrators hide groups at the cost of clients not knowing when to do reactive authentication for them.
Note: See
TracTickets for help on using
tickets.
These groups will have to be hidden from GROUP/LISTGROUP, LIST responses, XGTITLE and NEWGROUPS.