mersenneforum.org  

Go Back   mersenneforum.org > Other Stuff > Forum Feedback

Reply
 
Thread Tools
Old 2008-10-26, 02:05   #12
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

200408 Posts
Default

.
Attached Thumbnails
Click image for larger version

Name:	We love you too, Renee!.jpg
Views:	110
Size:	82.3 KB
ID:	2854  
Xyzzy is offline   Reply With Quote
Old 2008-10-26, 02:44   #13
hhh
 
hhh's Avatar
 
Jun 2005

5658 Posts
Default

Quote:
Originally Posted by Xyzzy View Post
That is a new special security feature.
Can you disable it? H.
hhh is offline   Reply With Quote
Old 2008-10-26, 04:57   #14
cheesehead
 
cheesehead's Avatar
 
"Richard B. Woods"
Aug 2002
Wisconsin USA

1E0C16 Posts
Default

Quote:
Originally Posted by hhh View Post
the unfortunate change in the forum software that, though I'm logged in, asks me my password again once I try to delete a message?
Hmmm ... I haven't experienced this. I just now, as a test, deleted one of the old PMs in my inbox -- I wasn't asked for my password. Twice in recent days I have deleted new thread posts I had just submitted; in neither case was I asked for password.

H., are you referring to some type of message other than PM or thread post?

Last fiddled with by cheesehead on 2008-10-26 at 04:57
cheesehead is offline   Reply With Quote
Old 2008-10-26, 05:04   #15
mdettweiler
A Sunny Moo
 
mdettweiler's Avatar
 
Aug 2007
USA (GMT-5)

3·2,083 Posts
Default

Quote:
Originally Posted by cheesehead View Post
Hmmm ... I haven't experienced this. I just now, as a test, deleted one of the old PMs in my inbox -- I wasn't asked for my password. Twice in recent days I have deleted new thread posts I had just submitted; in neither case was I asked for password.

H., are you referring to some type of message other than PM or thread post?
Maybe this only happens when someone's performing an action that only a moderator can do (such as deleting someone else's post, or moving a post to a different thread, etc.)? Once since the upgrade I had to move a post of mine from one thread to another at Conjectures 'R Us (and even though it was my own post, I don't think a non-mod has the ability to move it from one thread to another)--and I was prompted for my password for that.
mdettweiler is offline   Reply With Quote
Old 2008-10-26, 07:08   #16
hhh
 
hhh's Avatar
 
Jun 2005

373 Posts
Default

Yeah, sorry, I meant posts, not messages. H.
hhh is offline   Reply With Quote
Old 2008-10-26, 12:33   #17
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

100000001000002 Posts
Default

Quote:
Can you disable it?
There is an option to disable it, but wouldn't that make things less secure?

How often does it ask you to put in your password?
Xyzzy is offline   Reply With Quote
Old 2008-10-27, 00:27   #18
hhh
 
hhh's Avatar
 
Jun 2005

373 Posts
Default

Well, every time I clean up the reservation post. Which I do every time there is something to clean up. Others o that less often, perhaps.

How often did you have problems with fraudulent post-deleting with the old style?
I just can't believe this "more security is always better than less"-stuff.
hhh is offline   Reply With Quote
Old 2008-10-27, 00:49   #19
mdettweiler
A Sunny Moo
 
mdettweiler's Avatar
 
Aug 2007
USA (GMT-5)

3×2,083 Posts
Default

Quote:
Originally Posted by hhh View Post
Well, every time I clean up the reservation post. Which I do every time there is something to clean up. Others o that less often, perhaps.

How often did you have problems with fraudulent post-deleting with the old style?
I just can't believe this "more security is always better than less"-stuff.
You have a good point there--after all, if someone's managed to get their hands on a moderator account in the first place, they've probably gotten their password anyway. (Either that, or if they didn't have the password but got past the login page in a different way, then I'm sure the password confirmation page wouldn't pose any more difficulty.)

Unless, that is, this is really intended as more of an "are you sure?" confirmation than a true security feature? (In which case, since "lowly" non-super moderators can only soft delete posts anyway, that wouldn't be that big a deal since you can get the posts back with a touch of a button anyway.)

Last fiddled with by mdettweiler on 2008-10-27 at 00:49
mdettweiler is offline   Reply With Quote
Old 2008-10-27, 00:56   #20
Mini-Geek
Account Deleted
 
Mini-Geek's Avatar
 
"Tim Sorbera"
Aug 2006
San Antonio, TX USA

10000101010112 Posts
Default

Quote:
Originally Posted by mdettweiler View Post
You have a good point there--after all, if someone's managed to get their hands on a moderator account in the first place, they've probably gotten their password anyway. (Either that, or if they didn't have the password but got past the login page in a different way, then I'm sure the password confirmation page wouldn't pose any more difficulty.)

Unless, that is, this is really intended as more of an "are you sure?" confirmation than a true security feature? (In which case, since "lowly" non-super moderators can only soft delete posts anyway, that wouldn't be that big a deal since you can get the posts back with a touch of a button anyway.)
The only way I can see that page really being useful for security is for a mod that has a cookie to automatically log in, but doesn't have the password stored in a way visible to anyone (like FF's password manager).
It might be more useful as an are you sure page...but for that, you can just ask "Are you sure?" "Yes" or "No".
Mini-Geek is offline   Reply With Quote
Old 2008-10-27, 01:17   #21
mdettweiler
A Sunny Moo
 
mdettweiler's Avatar
 
Aug 2007
USA (GMT-5)

3·2,083 Posts
Default

Quote:
Originally Posted by Mini-Geek View Post
The only way I can see that page really being useful for security is for a mod that has a cookie to automatically log in, but doesn't have the password stored in a way visible to anyone (like FF's password manager).
It might be more useful as an are you sure page...but for that, you can just ask "Are you sure?" "Yes" or "No".
Ah yes, I hadn't thought of the usefulness in the case of a cookie being used to log on. In fact, I use a cookie to log on myself, though I usually lock my workstation's screen when I step away from it. But, yes, now that you mention that I can see its usefulness after all.

Maybe an option could be added to the User CP that would allow moderators to turn this feature on and off, based on whether they personally feel that their own security measures are enough to keep unauthorized personnel from accessing their computer while mersenneforum is logged on?
mdettweiler is offline   Reply With Quote
Old 2008-10-27, 09:53   #22
hhh
 
hhh's Avatar
 
Jun 2005

17516 Posts
Default

The second point is, EVEN if I stay logged by cookies in and EVEN if someone finds out about it, what is the probability that this guy has any interest in deleting posts in mersenneforum? All people I know don't even know who Mersenne was.

Even if I keep logged in at an Internet Cafe in downtown anywhere for one year, I doubt anybody will go: "Ah, mersenneforum, cool, no but what is that? hhh still logged in? That's the mighty sub-moderator in the PSP-section, isn't he? Let's delete some post, man!" I doubt it. H.
hhh is offline   Reply With Quote
Reply



Similar Threads
Thread Thread Starter Forum Replies Last Post
Major projects using the cloud GP2 Cloud Computing 5 2016-07-31 23:27
Major overhaul of the DB 10metreh Aliquot Sequences 5 2010-08-29 01:10
Major software upgrade. Xyzzy Forum Feedback 37 2008-07-06 17:56
Major forum software change... Xyzzy Forum Feedback 19 2006-09-06 18:59
Forum upgrade... Xyzzy Lounge 13 2003-06-22 17:31

All times are UTC. The time now is 13:06.


Sat Jul 17 13:06:30 UTC 2021 up 50 days, 10:53, 1 user, load averages: 2.25, 2.22, 1.92

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.