From: Ken K. <ke...@to...> - 2004-01-27 09:54:05
|
Hi. I like the password on the new user page. I agree other schemes are not likely to work well in practice. When you say virtually nothing remains visible - what about published web reports? Is it hard to make an exception for them? I think we agree they should be public. Best, -ken ----- Original Message ----- From: "." <je...@ds...> To: "WebReports" <web...@li...> Sent: Tuesday, January 27, 2004 9:35 AM Subject: [Webreports-uedesign] Security > I have started to close up the site to non-members. Virtually nothing will > remain visible to those who do not log in. > > The current suggestion for new members is to implement a scheme where any > new member must be cleared by someone with local authority. My fear is > that this will prove to cumbersome in practice: we must implement this new > scheme on the server, distribute the authority, and most importantly: > teach all possible teachers/researchers how to use this feature properly. > My experiences so far indicate that this will not be easy. > > I would thus suggest that we start with a simpler approach: to the > "register-new-user-form", we add an extra password field. This password > will be distributed among us teachers/researchers, and is required for a > new user to be registered. The teacher can make this password known to new > users in an appropriate way. > > Although this certainly does not stop NSA from entering our site, I would > think this is good enough for us to show potentially worried parents that > only people we know can join the site. The main risk, as I see it, is > that this password over time is "leaked" to people outside our project, > but it would be easy to change the password from time to time, and then > redistribute the new password. > > Implementing this change would be easy for me to do. What do you think? > > Jesper > > > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > _______________________________________________ > Webreports-uedesign mailing list > Web...@li... > https://lists.sourceforge.net/lists/listinfo/webreports-uedesign > > |