Posted: Wed Nov 21, 2007 3:46 pm
by huw
Looking good! One complaint though...

I just registered and received an email containing my password in plain text. I know this is not uncommon, and that forums are often considered places where you use low security passwords, but why then go to the trouble of encrypting the password database on your server and telling me so? Email is highly insecure. I don't like receiving my password by email - it seems so unnecessary. At least asterisk out the middle characters.

Posted: Wed Nov 21, 2007 3:55 pm
by DrewJensen
You are right, and I think the third person now to bring this up...

Right now the board is 'out of the box' pretty much and that is the default behavior, wanted to be sure it was stable as such before we started hacking on the code - this will go in as one of the first modifications - work on those should begin first of next week.

I'll put a notice up when that's done - of course that won't help you I know - I'd suggest just going in and changing it if it bothers you. Sorry for the inconvenience.

And if I might, while I have your attention. What would be your thought of our supporting something like OpenID?

Posted: Wed Nov 21, 2007 4:29 pm
by huw
I will change my password, and delete the email, thanks.

I got an OpenID at a couple of years or so ago, when it was being developed, and used it for a while. It seemed to work, and "people who know" seem to trust it, but I gradually stopped using it. Partly because I never thoroughly understood how it was secure, also because it wasn't widely adopted, and mostly because it tied my relatively anonymous posts to my personal domain, which is anything but anonymous.

It also depended on my domain not being down, which is extra fragility. Finally, if I go to it doesn't accept my old login and doesn't have any instructions. Does that mean my old OpenID is gone? Do you see what I mean about not really understanding...?!

Posted: Wed Nov 21, 2007 4:35 pm
by DrewJensen
Well, haven't used it personally but have been seeing a fair bit about it and thought I would toss it out to see if anyone had any real world experience with it.

At this point it isn't even something I would actually make a proposal on.

