I think that there are a number of different, but related issues balancing usability, security and flexibility.
1. The autologin hack -- From a usability standpoint I like autologin, but I don't like it from a security standpoint. For now, I would keep it as a hack -- if you want to implement autologin, use the hack. In the long term, I would like to see autologin as an option. I wouldn't mind if it was an installation option -- you can either install XOOPS with autologin or without, with lots of warnings about the risks and probably some information about how to mitigate those risks.
2. User Ids -- I don't like user ids. I prefer using email addresses for login purposes. That gives the user one less thing to remember -- what user id did I use for that site again? I know that there are hacks out there to implement an email address logon, but I think that this should be part of the core. I would also like to see it as a configurable option. That way you can either use email address for logon and not require a user id or you can require a separate user id.
3. Display Name vs. Real Name -- I like being able to distinguish between real name and display name. We don't have to require the display name. We can default to show either the user id (email address?) or the Real Name if no Display Name is given. And again, make this configurable. I think of the Display Name as being like a text avatar -- I can use one or not. Couldn't it be part of the extended profile?
4. What to display? -- Regardless of what we use to log on (user id or email address), we should have the ability to specify how the user is identified within the site. Even better, let the user specify what should be displayed and provide a default value.
Just my two cents.
Keep up the great work.
James