Registration

Let us know how we are doing -

Registration

Postby huw » Wed Nov 21, 2007 3:46 pm

Looking good! One complaint though...

I just registered and received an email containing my password in plain text. I know this is not uncommon, and that forums are often considered places where you use low security passwords, but why then go to the trouble of encrypting the password database on your server and telling me so? Email is highly insecure. I don't like receiving my password by email - it seems so unnecessary. At least asterisk out the middle characters.
huw
Volunteer
 
Posts: 417
Joined: Wed Nov 21, 2007 1:57 pm

Re: Registration

Postby DrewJensen » Wed Nov 21, 2007 3:55 pm

you are right and I think the third person now to bring this up...

right now the board is 'out of the box' pretty much and that is the default behavior, wanted to be sure it was stable as such before we started hacking on the code - this will go in as a one of the first modifications - work on those should begin first of next week.

I'll put a notice up when that's done - of course that won't help you I know - I'd suggest just going in and changing it if it bothers you..sorry for the inconvenience.

And if I might, while I have your attention. What would be your thought of our supporting something like OpenID?
Last edited by DrewJensen on Wed Nov 21, 2007 4:59 pm, edited 1 time in total.
Reason: fixed typo in url for OpenID
Former member of The Document Foundation
Former member of Apache OpenOffice PMC
LibreOffice on Ubuntu 18.04
User avatar
DrewJensen
Volunteer
 
Posts: 1734
Joined: Sat Oct 06, 2007 9:01 pm
Location: Cumberland, MD - USA

Re: Registration

Postby huw » Wed Nov 21, 2007 4:29 pm

I will change my password, and delete the email, thanks.

I got an OpenID at http://imperialviolet.org/ a couple of years or so ago, when it was being developed, and used it for a while. It seemed to work, and "people who know" seem to trust it, but I gradually stopped using it. Partly because I never thoroughly understood how it was secure, also because it wasn't widely adopted, and mostly because it tied my relatively anonymous posts to my personal domain, which is anything but anonymous.

It also depended on my domain not being down, which is extra fragility. Finally, if I go to http://openid.imperialviolet.org/ it doesnt accept my old login and doesn't have any instructions. Does that mean my old OpenID is gone? Do you see what I mean about not really understanding...?!
huw
Volunteer
 
Posts: 417
Joined: Wed Nov 21, 2007 1:57 pm

Re: Registration

Postby DrewJensen » Wed Nov 21, 2007 4:35 pm

Well, haven't used it personally but have been seeing a fair bit about it and thought I would toss it out to see if anyone had any real world experience with it.

At this point it isn't even something I would actually make a proposal on.

Thanks much for you input...
Former member of The Document Foundation
Former member of Apache OpenOffice PMC
LibreOffice on Ubuntu 18.04
User avatar
DrewJensen
Volunteer
 
Posts: 1734
Joined: Sat Oct 06, 2007 9:01 pm
Location: Cumberland, MD - USA


Return to Site Feedback

Who is online

Users browsing this forum: No registered users and 0 guests