Pseudo Authentication



Sometimes you run a bulletin board or web forum where people exchange messages publicly, and you want your users to be able to trust each other, but you don't want to go through implementing a user registration database and authentication scheme. That can be overcomplicated for the job, or require storage space and maintenance time that you are not willing to provide.

One easy solution is to provide a "pseudo-authentication" system (I don't know if there is a better name for it). It consists of allowing each user to use any username/password pair to log on to your system, and then using a hash of those login credentials to identify the author of each post. This way, the authentication data is also public, and the community itself may verify who really posted each message.

Since you don't have to keep a user database, you don't have to worry about wiping it regularly, or about users registering tons of accounts. Yet serious and regular users will still have a way to trust each other's posts, given they already know their "pseudo-id".

Here is a proof-of-concept innd filter I've written for the U-Br guys, just to show that it is possible to use this on newsgroups and how it works. It is a bit different: it takes a secret phrase between '#' markers from the From field of a posting, hashes it using SHA1, and replaces it with part of the hash result.
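The From-field rewriting described above, as an added example in Python (this is not the author's innd filter and uses no innd hook API). The `[id:...]` tag format, the 10-hex-digit truncation, the function names, the optional HMAC key and the neutralising of look-alike tags are all assumptions of this example.

```python
import hashlib
import hmac
import re

TAG_LEN = 10      # assumption: the page only says "part of the hash result"
TAG_OPEN = "[id:"  # assumed output format: [id:<hex>]
SECRET = re.compile(r"#([^#]+)#")  # secret phrase between '#' markers


def pseudo_id(secret, server_key=None):
    """Public tag for a secret phrase.

    server_key=None  -> plain SHA-1, as the page describes.
    server_key=bytes -> HMAC-SHA1 (hardening assumed by this example): the
    tag is public, so a keyless hash of a short phrase can be guessed offline.
    """
    data = secret.encode("utf-8")
    if server_key is None:
        digest = hashlib.sha1(data).hexdigest()
    else:
        digest = hmac.new(server_key, data, hashlib.sha1).hexdigest()
    return digest[:TAG_LEN]


def rewrite_from(from_header, server_key=None):
    """Return the From header with each #secret# replaced by its tag."""
    # Neutralise anything the poster typed that already looks like a tag, so
    # a pseudo-id only appears when the filter itself computed it. Swapping
    # the opening '[' for '(' cannot re-assemble a tag in a single pass.
    cleaned = from_header.replace(TAG_OPEN, "(id:")
    return SECRET.sub(
        lambda m: TAG_OPEN + pseudo_id(m.group(1), server_key) + "]", cleaned
    )


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real newsgroup.
    for header in (
        "alice #correct horse# <alice@example.org>",
        "mallory [id:0123456789] <mallory@example.org>",
        "bob <bob@example.org>",
    ):
        print(rewrite_from(header))
```

The secret itself never leaves the filter: only the truncated digest is written back into the header, which is what lets readers compare pseudo-ids across posts.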