Subject:
|
Re: New feature: Article rating
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Sun, 26 Mar 2000 17:58:53 GMT
|
Viewed:
|
1812 times
|
| |
|
|
In lugnet.admin.general, Todd Lehman writes:
> In lugnet.admin.general, Ed Jones writes:
> > I do foresee one possible area that could be a problem (but I could be
> > overreacting) - Auction/Sale/Trade announcements could all end up with a 75
> > rating (the initial 50 and then the poster gives it a 100). This could give
> > a false rating for those announcements.
>
> It'll probably get counter-balanced by people marking some of the more annoying
> ones down. Anyway, it's up to each individual reader whether or not they wish
> to pay attention to the ratings.
Hrmmm .... or maybe article scoring could be turned off for the market
groups where listings are posted? Probably not, though, since those groups
often contain discussion in addition to listings.
> > One minor kvetch. Logging in asumes that I know my password (which I don't
> > and have to dig it out each time).
>
> Do you sign in often from a public place such a library?
Dunno about Ed, but I read LUGNET from public places every day - meaning
places other than my primary machine at work or at home. Labs, publicly
accessible machines, coworkers cubicles, etc.
> Thinking more about it -- but it needs to be thought through very carefully.
I agree, but it needs to _happen_ or the "sign in to use 'em" features are
much less valuable to at least some users.
> For example, if people can pick just any old password they want, then there
> has to be some sort of check by the server to make sure that the password
> isn't too insecure. Usually these checks involve scanning a dictionary of
> words and names doing permutations on them, etc. The check has to be able >to
> identify double-word as well as single-word problems, for example "giraffe"
> (one word) or "puppydog" (two words) or "boxed" (one word, but also two
> portions of a name).
How about minimum of 8 characters with at least 2 numbers or other special
characters? 6 and 1 is fairly common.
> Of course, there are solutions (at least two I can think of so far*):
>
> 1. Allow people to select from several machine-generated passwords and to
> choose a favorite.
Still don't like it. And what's to prevent people from memorizing that
password and using it on other systems? You're back to the "what if LUGNET
is hacked and someone uses those passwords to empty Paypal accounts" scenario.
> 2. Allow people to add an easy-to-remember password of their own choosing
> on top of the main password, and require both passwords in order to be
> fully signed-in. This would allow people to store their main password in
But this would still require a user to carry that long password around with
them, especially if they used public machines. Storing a cookie on one of
my lab machines may do you some good for anywhere from a few hours to a few
days, depending on when that machine gets an image pushed down to it, wiping
those cookies out.
|
|
Message has 2 Replies:
 | | Re: New feature: Article rating
|
| (...) Excellent point. Thanks. You've just demonstrated that a machine generated password does absolutely nothing to ensure (as in 100%) that a password is actually unique to a particular system. It makes it more probable, but doesn't (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
| | | Re: New feature: Article rating
|
| (...) The argument here is that if you get too restrictive (requiring one non alphanumeric, for example) you cut the set of passwords down far enough that you make brute force attack easier! I tend to favor trying a few quick checks on the pw to see (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
Message is in Reply To:
| | Re: New feature: Article rating
|
| (...) It'll probably get counter-balanced by people marking some of the more annoying ones down. Anyway, it's up to each individual reader whether or not they wish to pay attention to the ratings. (...) Do you sign in often from a public place such (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
