Major forum upgrade - Page 2

Xyzzy · 2008-10-26, 02:05

.

hhh · 2008-10-26, 02:44

Quote:

Originally Posted by Xyzzy

That is a new special security feature.

Can you disable it? H.

cheesehead · 2008-10-26, 04:57

Quote:

Originally Posted by hhh

the unfortunate change in the forum software that, though I'm logged in, asks me my password again once I try to delete a message?

Hmmm ... I haven't experienced this. I just now, as a test, deleted one of the old PMs in my inbox -- I wasn't asked for my password. Twice in recent days I have deleted new thread posts I had just submitted; in neither case was I asked for password.

H., are you referring to some type of message other than PM or thread post?

mdettweiler · 2008-10-26, 05:04

Quote:

Originally Posted by cheesehead

Hmmm ... I haven't experienced this. I just now, as a test, deleted one of the old PMs in my inbox -- I wasn't asked for my password. Twice in recent days I have deleted new thread posts I had just submitted; in neither case was I asked for password.

H., are you referring to some type of message other than PM or thread post?

Maybe this only happens when someone's performing an action that only a moderator can do (such as deleting someone else's post, or moving a post to a different thread, etc.)? Once since the upgrade I had to move a post of mine from one thread to another at Conjectures 'R Us (and even though it was my own post, I don't think a non-mod has the ability to move it from one thread to another)--and I was prompted for my password for that.

hhh · 2008-10-26, 07:08

Yeah, sorry, I meant posts, not messages. H.

Xyzzy · 2008-10-26, 12:33

Quote:

Can you disable it?

There is an option to disable it, but wouldn't that make things less secure?

How often does it ask you to put in your password?

hhh · 2008-10-27, 00:27

Well, every time I clean up the reservation post. Which I do every time there is something to clean up. Others o that less often, perhaps.

How often did you have problems with fraudulent post-deleting with the old style?
I just can't believe this "more security is always better than less"-stuff.

mdettweiler · 2008-10-27, 00:49

Quote:

Originally Posted by hhh

Well, every time I clean up the reservation post. Which I do every time there is something to clean up. Others o that less often, perhaps.

How often did you have problems with fraudulent post-deleting with the old style?
I just can't believe this "more security is always better than less"-stuff.

You have a good point there--after all, if someone's managed to get their hands on a moderator account in the first place, they've probably gotten their password anyway. (Either that, or if they didn't have the password but got past the login page in a different way, then I'm sure the password confirmation page wouldn't pose any more difficulty.)

Unless, that is, this is really intended as more of an "are you sure?" confirmation than a true security feature? (In which case, since "lowly" non-super moderators can only soft delete posts anyway, that wouldn't be that big a deal since you can get the posts back with a touch of a button anyway.)

Mini-Geek · 2008-10-27, 00:56

Quote:

Originally Posted by mdettweiler

You have a good point there--after all, if someone's managed to get their hands on a moderator account in the first place, they've probably gotten their password anyway. (Either that, or if they didn't have the password but got past the login page in a different way, then I'm sure the password confirmation page wouldn't pose any more difficulty.)

Unless, that is, this is really intended as more of an "are you sure?" confirmation than a true security feature? (In which case, since "lowly" non-super moderators can only soft delete posts anyway, that wouldn't be that big a deal since you can get the posts back with a touch of a button anyway.)

The only way I can see that page really being useful for security is for a mod that has a cookie to automatically log in, but doesn't have the password stored in a way visible to anyone (like FF's password manager).
It might be more useful as an are you sure page...but for that, you can just ask "Are you sure?" "Yes" or "No".

mdettweiler · 2008-10-27, 01:17

Quote:

Originally Posted by Mini-Geek

The only way I can see that page really being useful for security is for a mod that has a cookie to automatically log in, but doesn't have the password stored in a way visible to anyone (like FF's password manager).
It might be more useful as an are you sure page...but for that, you can just ask "Are you sure?" "Yes" or "No".

Ah yes, I hadn't thought of the usefulness in the case of a cookie being used to log on. In fact, I use a cookie to log on myself, though I usually lock my workstation's screen when I step away from it. But, yes, now that you mention that I can see its usefulness after all.

Maybe an option could be added to the User CP that would allow moderators to turn this feature on and off, based on whether they personally feel that their own security measures are enough to keep unauthorized personnel from accessing their computer while mersenneforum is logged on?

hhh · 2008-10-27, 09:53

The second point is, EVEN if I stay logged by cookies in and EVEN if someone finds out about it, what is the probability that this guy has any interest in deleting posts in mersenneforum? All people I know don't even know who Mersenne was.

Even if I keep logged in at an Internet Cafe in downtown anywhere for one year, I doubt anybody will go: "Ah, mersenneforum, cool, no but what is that? hhh still logged in? That's the mighty sub-moderator in the PSP-section, isn't he? Let's delete some post, man!" I doubt it. H.

2008-10-26, 02:05	#12
Xyzzy "Mike" Aug 2002 20040₈ Posts	. Attached Thumbnails

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Major projects using the cloud	GP2	Cloud Computing	5	2016-07-31 23:27
Major overhaul of the DB	10metreh	Aliquot Sequences	5	2010-08-29 01:10
Major software upgrade.	Xyzzy	Forum Feedback	37	2008-07-06 17:56
Major forum software change...	Xyzzy	Forum Feedback	19	2006-09-06 18:59
Forum upgrade...	Xyzzy	Lounge	13	2003-06-22 17:31

2008-10-26, 07:08	#16
hhh Jun 2005 373 Posts	Yeah, sorry, I meant posts, not messages. H.

2008-10-27, 00:27	#18
hhh Jun 2005 373 Posts	Well, every time I clean up the reservation post. Which I do every time there is something to clean up. Others o that less often, perhaps. How often did you have problems with fraudulent post-deleting with the old style? I just can't believe this "more security is always better than less"-stuff.

2008-10-27, 09:53	#22
hhh Jun 2005 175₁₆ Posts	The second point is, EVEN if I stay logged by cookies in and EVEN if someone finds out about it, what is the probability that this guy has any interest in deleting posts in mersenneforum? All people I know don't even know who Mersenne was. Even if I keep logged in at an Internet Cafe in downtown anywhere for one year, I doubt anybody will go: "Ah, mersenneforum, cool, no but what is that? hhh still logged in? That's the mighty sub-moderator in the PSP-section, isn't he? Let's delete some post, man!" I doubt it. H.