[Fofredux-devel] authentication and privacy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Fri, Dec 02, 2005 at 11:08:32AM -0800, Benjamin Stewart wrote:
> Magpie's methods should take cookies for feeds as an optional argument,
> and then FORF can store and pass those cookies to magpie.  

That sounds like a reasonable way to implement the LJ
authentication.

There's a privacy issue with all this that didn't occur to me until
someone pointed it out.  Our aggregator is wide open by default, and
here we're setting it up so it publishes content that was never
meant to be public.  I don't think we can count on all fofredux
users actively making an effort to password-protect their fofredux
installation, no matter how many big red warnings we include.
Perhaps the only ethical thing to do, if we're going to start
allowing users to read sensitive content, would be to lock down
fofredux by default, with a password or some other mechanism to
prevent just anyone (or anybot) from accessing it.  How do y'all
feel about that?

This could tie in to a multi-user feature; if we're going to be
introducing authentication anyway, maybe it's not such a big deal to
force the user to set up a login name and password before using
fofredux.

-- 
Katie Bechtold         http://hoteldetective.org/