Wow, the site's really coming along now. I like the revised design,
especially the slick new graphics.
I'm fairly worn out right now, but I browsed the site for a bit and took
some notes. If I missed something obvious please feel free to point and
laugh. Here are a couple of issues I've noticed:
- On login failure, the login form is returned with the password field
prepopulated along with the username
- I tried a password reset for my account twice (before I remembered my
password), but never received the email; not sure if it's just my
account/email that's borked
- On a forum thread page, the link to a user's profile redirects to the
viewer's own profile (e.g. /profile/public_profile?userid=username ->
/profile/show); should be /profile/public_profile/username instead?
- On a forum page, threads don't appear to be sorted in any fashion
(latest-post-first is typical)
- Users are unable to edit their own forum posts (is this intentional?)
- Users are unable to edit/withdraw their own captures (again, intentional?)
- Might suggest switching to CSS-based rollovers for the menu images,
considering a good percentage of users are likely to have disabled
javascript
Those notes aside, OpenPacket is really shaping up nicely! Keep up the
great work!
stretch
Richard Bejtlich wrote:
> Hello all,
>
> Thanks to yet more excellent, all-volunteer work by our developer
> Sharri Parsell, I am happy to notify you RC2 of OpenPacket.org is now
> available at
>
> http://beta.openpacket.org:8080/
>
> Thank you to JJC of www.redsphereglobal.com for continuing to provide
> hosting. JJC will host the site until it appears that we are
> outgrowing his generosity. If you would like to sponsor us, please
> contact me (taosecurity at gmail dot com).
>
> Please take another look at the site and report feedback to the
> ope...@li... mailing list.
>
> This site is considered RC2 quality. We plan to announce RELEASE on 20
> February to coincide with the first day of Black Hat DC Briefings.
>
> If you are interested in assessing the security of the site, please
> contact me directly. We can coordinate with Sharri and JJC to ensure
> your discoveries do not catch us by surprise. We appreciate those of
> you who did some XSS testing -- please try again and let us know what
> you find.
>
> Sincerely,
>
> Richard
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openpacket-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-devel
>
>
|
