From:
nospam.g00r00@f215.n129.z1.fidonet.org
So, if PKT does NOT have password but a password is configured, it should detect it and NOT use it, and at least provide a warning ' PKT password especified for address, but PKT does not require it' (instead of saying ' invalid pkt'... which is not real. The PKT is fine, the problem is something else)
There is no error that says "Invalid PKT" in the current version. If that were the error message I agree it'd absolutely need to be changed! The error message is "PKT passsord does not match password set for <address>".
In terms of the PKT password logic: I understand what you're saying but I am not sold on changing it and let me explain why.
We cannot be sure a system connecting to you and saying its your hub is really your hub, so the security provided by a PKT password is a two-way street. In other words if Mystic would ignore a missing password from an incoming PKT it would create a big security hole.
Lets say for example you have a hub connection to 1:1/1 and you've configured it to require a PKT password. An unknown system connect to you and sends you a PKT file "from 1:1/1" that contains 1,000,000 gibberish echomail messages.
Result 1 (Mystic today):
Mystic sees that the password you've configured for 1:1/1 does not match what is in the PKT. The PKT files are refused because Mystic cannot be sure the PKT files are legit. The error message is: "PKT password does not match password set for 1:1/1"
(This message used to just be 'Bad password' but I've changed it)
Result 2 (if I changed it to not use it):
Mystic sees that the PKT does not have the password you've set up, but processes it anyway. Your BBS system is flooded with 1,000,000 gibberish echomail messages from an unknown system pretending to be 1:1/1. Your system is also a hub for 10 other systems too and those 1,000,000 messages are sent to the downlinks flooding the network with 11,000,000 gibberish messages.
--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)