Subject:
|
Re: New feature: Article rating
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Sun, 26 Mar 2000 17:30:38 GMT
|
Highlighted:
|
!
(details)
|
Viewed:
|
1650 times
|
| |
|
|
In lugnet.admin.general, Ed Jones writes:
> I do foresee one possible area that could be a problem (but I could be
> overreacting) - Auction/Sale/Trade announcements could all end up with a 75
> rating (the initial 50 and then the poster gives it a 100). This could give
> a false rating for those announcements.
It'll probably get counter-balanced by people marking some of the more annoying
ones down. Anyway, it's up to each individual reader whether or not they wish
to pay attention to the ratings.
> One minor kvetch. Logging in asumes that I know my password (which I don't
> and have to dig it out each time).
Do you sign in often from a public place such a library?
> Is "changing your pasword" in the works?
Thinking more about it -- but it needs to be thought through very carefully.
For example, if people can pick just any old password they want, then there
has to be some sort of check by the server to make sure that the password
isn't too insecure. Usually these checks involve scanning a dictionary of
words and names doing permutations on them, etc. The check has to be able to
identify double-word as well as single-word problems, for example "giraffe"
(one word) or "puppydog" (two words) or "boxed" (one word, but also two
portions of a name).
That's for the user's protection. Secondly, for LUGNET's protection, there
has to be some way to ensure that people don't use passwords here that they
might use elsewhere. For example, if someone uses the password "blorkshmork"
everywhere online, that's bad from LUGNET's point of view, because it opens
up potential questions or finger-pointing if someone's account on some other
system ever was compromised. Consider this hypothetical situation: "Someone
broke into my PayPal account yesterday and took all my money. The only other
place I use that password is at LUGNET. Not that I particularly suspect
anyone, but this certainly does raise some questions." From a risk assessment
point of view, it's imperative to take this possibility under consideration
and prevent even the possibilty of it happening, if at all possible.
Of course, there are solutions (at least two I can think of so far*):
1. Allow people to select from several machine-generated passwords and to
choose a favorite.
2. Allow people to add an easy-to-remember password of their own choosing
on top of the main password, and require both passwords in order to be
fully signed-in. This would allow people to store their main password in
a main cookie on machines at work, and use the secondary easy-to-remember
password for quick signing in and signing out whenever they wanted. Thus
they would only have to remember one short password which someone snooping
on their machine probably couldn't guess, yet the main password would
still be there for other security reasons.
--Todd
* I've been thinking about this for more than two years and have still only
come up with these two solutions.
|
|
Message has 3 Replies:
 | | Re: New feature: Article rating
|
| (...) I think people should be able to be fully signed in without machine-generated passwords - otherwise it is discriminating against those who use a lot of different machines. What about using the double-login idea with two distinct user-definable (...) (24 years ago, 26-Mar-00, to lugnet.admin.general)
| | | Re: New feature: Article rating
|
| (...) Hrmmm .... or maybe article scoring could be turned off for the market groups where listings are posted? Probably not, though, since those groups often contain discussion in addition to listings. (...) Dunno about Ed, but I read LUGNET from (...) (24 years ago, 26-Mar-00, to lugnet.admin.general)
| | | Re: New feature: Article rating
|
| (...) annoying (...) Good point. (...) I sign in from various workstations in various training rooms in 2 different buildings. (...) Until you added Article Rating, the only function a member could perform by logging in was to edit their profile (if (...) (24 years ago, 27-Mar-00, to lugnet.admin.general) !
|
Message is in Reply To:
| | Re: New feature: Article rating
|
| (...) Excellent. I do foresee one possible area that could be a problem (but I could be overreacting) - Auction/Sale/Trade announcements could all end up with a 75 rating (the initial 50 and then the poster gives it a 100). This could give a false (...) (24 years ago, 26-Mar-00, to lugnet.admin.general)
|
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
