Re: passwords and ref's

Brian Godette (bgodette@idcomm.com)
Wed, 06 May 1998 13:11:06 -0600


At 05:37 PM 5/6/98 +0000, you wrote:
>Jason:
>
>Reflector passwords on the commercial side of things ARE used.... let me
give
>you 2 examples of what I mean....
>
>Let's pretend I work for a software development firm that uses White Pine
>CUSeeMe for videoconferencing (instead of having to travel to a remote
>destination for a meeting, or instead of conference calls via a telephone in
>which you can't see or interact via whiteboard with all of the participants).
>The company I work for has a private reflector set up with various conference
>ids for the departments using the reflector. In addition, my company has
set up
>passwords for each of the conferences to keep out unwanted participants...
>without these passwords in placed, a competitor or an unwanted 3rd party
could
>easily listen in on our private, company meetings, and gain access to
propietary
>information....

And how does the competitor obtain the CID in the first place? If they
obtain that the same is true for the password... just as pointless. Or
perhaps you're thinking they're using some sort of CID "cracking" tool...
well gee ERef puts a stop to that :)

>
>Or, for example, let's say you are in the entertainment field, and have
set up a
>reflector so that users can chat 1:1 with movie stars or people in the
>entertainment field. You charge the user for this privilege, and then
give them
>a password to the conference so that people who have not paid for access
cannot
>get in....

Same thing here... but a better solution is to use ADMIT's so that someone
can't hand out the CID to his "good friend". A password here is just as
vunerable to redistribution, remember it isn't on a per-client basis, it's
the same password for all clients to access that conference. All passwords
do is limit access to the conference to WP clients only, and only the 32bit
PC version if it's anything less than a 3.* version.

>
>Yeah, I know, I'm oversimplifying here.... I guess what I'm trying to say is
>maybe we need to stop thinking as personal home users, and maybe start
thinking
>about possible corporate uses for our technology..... then, many of the
things
^^^^^^^^^^^^^^
Always knew you worked for White Pine (as if there was any doubt).

>in software today would make sense :) - and, it also boils down to
preferences
>and personal taste... I can understand you not wanting to visite a ref
that has
>a password in place, but that doesn't mean reflector passwords do not have
their
>uses... to each his own :)

I can't think of any use for passwords, they're just as vunerable to leaks
as CID's, and CID cracking can be easily prevented.

>
>Cornell and White Pine have BOTH produced excellent products.... I guess
the one
>you use depends on personal preference.... simple as that :)
>
>
>BTW - Tim Dorcey (one of the original programmers of CU at Cornell) and his
>associates have incorporated password protection in their new iVisit product
>(which I also like)....

For a far different reason, without it there is no way to prevent unwanted
people from joining your conference as there are no other access controls
for conferences in iVisit.