[X2serv-general] User instant registration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I would like to get x2 to a possition where users can register their own
channels online.

Here are the requirements as I see them:
 * Must validate email address as correct
 * Must limit email addresses to x channels
 * Must be able to block some email addresses
 * User must have ops in the channel they want to register
    * handle a netsplit situation?
 * Must be reasonably resiliant to a DoS attack
   * Rate limit x registrations per hour?
 * Must not register a channel to an email address
   that previously failed to verify itself in the past.
 * Must do some ammount of validity checking of channel name and email
address.

The eaisiest way to do this that I can think of is to allow people to
"register" a channel via an online command which takes channel name and
email address as paramiters. 

If they are opped in said channel, and no other channels which are
marked as unverified have that same email address, and the email address 
isnt in a list of disallowed address masks and passes some basic tests,
AND is not in a list of already attempted addresses, x2 joins
it, ops itself, adds them as owner, generates a random password for them
and emails it to the address supplied. The channel is marked as
unverified.

Then, in the login code, if a channel is marked as unverified adn the
owner logs in, its marked as verified.

In its self matanence loops, x2 unregisters any channel which is
unverified when it is older than x hours (48?) and adds the email address
givin to a list of addresses not to be used anymore (to prevent people
from using x2 to haras someone)

Drawbacks: 
  * 100 clones connect to the network and flood x2 with registration
requests, using random email addresses. 100 clones can generate 50 lines
per second. This could cause x2 to send out a LOT of email, and make the
channel database very very big.
  + Solution - rate limit registrations and wallop if the limit is
hit. Possibly delay email for 5-10 minutes so that if a rate-limit is hit
ircops can intervene before x2 floods invalid email addresses with mail.

  * Channels are easy to get, lots will go unused
  + Solution - Expire channels sooner unless they are established, for
example a channel expires in 10 days unless the owner has visited it at
least once 24 hours or more after it was registered. (similar to hotmail)

  * User tries to register, doesnt manage to log in in time, and channel
is removed, their address is added to the blacklist.. now they want to
register.
  + Solution - Oper discression? Tough luck?

Thoughts? Comments?

       Alex Schumann

     Assistant Coordinator         \   ___
     Residential Computer Network   |   |    "You can no more win a war
     Oregon State University        \._/      than you can win an earthquake."
     http://rcn.orst.edu             |          --Jeannette Rankin (1880-1973)