41
wtravel
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Perhaps for security reasons the different login name is not necessary. But I think in some cases, showing a different display name than the username would be desirable.

For example, when I use XOOPS for an intranet site, I do not want to show usernames in forum posts. I would like to show the real names instead.

So a little flexibility in the use of names would be helpful in my opinion. I also agree that making this optional would serve everyone's needs

42
Mandlea
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 21:03

  • Mandlea

  • Just popping in

  • Posts: 25

  • Since: 2006/2/3 0


Definitely agree with you there. I think in the SmartSections article module you can tick an option to display the Author's Real Name field instead of his username. You could include that kind of feature easily for posters in a forum, which would be useful.

I don't think the Displayname security feature should be an option at all. It really just should not be there, because as I've said lots of time above, it doesn't actually do anything to secure an account. But I would definitely be happy if it was included and I could totally ignore it as an option on my site That's fair middle-ground i think

43
wtravel
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Quote:
Displayname: Mandlea
Loginname: Apple <= unknown to hacker
Password: Cart <= unknown to hacker

that's no more difficult to hack than:

Username: Mandlea
Password: CartApple <= unknown to hacker


Mandlea,

I agree that a strong password would protect the account much better from being hacked but your last example is not flawless .

The first example requires more attempts than the second example (in theory), because of two unknown variables instead of one . In the first example assume the password is the same as is in the second example. That leaves only the unknown loginname as an additional barrier.

But again, building in an extra check on password length and use of numbers or special characters upon registration or change of password would help a lot more I think.

44
marook
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 21:13

  • marook

  • Friend of XOOPS

  • Posts: 89

  • Since: 2002/9/9 1


Hi All,

Let me add my voice here..

1: After having considered this some time, I have to agree that the Displayname does not give the Wanted raised security. At least not as long as the admins or HR department of the site are not able to get notifications when users change their 'personality'.

As already mentioned, I would like to back these initiatives:
- Explain why it's there!
- Make it optionally
- Add notifications to admins (optionally) on change
- Disable the users login for X minutes if login attemt failes Y times within N minutes. Default: 120, 3, 20

2: If people like to make it non-editable right now, you could do many things:
- Make it a copy of username in the register form (Use JS to copy the value to uname on keyup in name) and make it a hidden field.
- Use CSS to make it non-editable on the client side.

And there might be others.

I think the world right now show us that the best way is Possitive, construktive dialog...

Let there be room for us all!

Marook,

Want to go on a Safari with me?
(Yes, it is me in that avatar.. )

45
gtop00
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 22:08

  • gtop00

  • Friend of XOOPS

  • Posts: 498

  • Since: 2004/11/13


Dear All,

I believe that this subject has been discussed a lot and I also believe that there is not a need for the "Displayname"

To be more clear; Please read these Threads a)What do you think about new login in XOOPS 2.2, b) Real Name in XOOPS 2.2 rc2 (there may be more...), in order to understand that almost nobody likes it.

And, in order to be constructive:
Let's focus on the real subject. I do not believe that there is a need for "Very" high security for a simple member at a normal site. What somebody (hacker???) can do to a site other than posting some "bad" posts until a moderator/admin finds him (and change the password). In contrary, where high security is needed, is the administrator. So, what more simple than to add an additional login feature/password for the admins? I feel that it should have been incorporated in the core a long time ago. It is not that secure to enter the admin area with a simple click...

46
Mandlea
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 22:24

  • Mandlea

  • Just popping in

  • Posts: 25

  • Since: 2006/2/3 0


Thanks for those threads, I didn't notice them before. Certainly seems to be a lot of mixed opinions as to whether it's a good or bad addition.

Does anyone know if there has been any "official" word from anyone in the XOOPS Core Development Team? Have they said if it's going to be a definite feature of all future releases...particularly XoopsSphere when it's finally released???

47
davidl2
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 22:30

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I certainly hope its kept.

48
gtop00
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 22:59

  • gtop00

  • Friend of XOOPS

  • Posts: 498

  • Since: 2004/11/13


Dear David, let's be honest. The Displayname creates a mess. Even myself, in my site, cannot change my Displayname (I used it from the very beginning) since nobody will recognize me anymore...

49
skalpa
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 23:03

  • skalpa

  • Quite a regular

  • Posts: 300

  • Since: 2003/4/16


k... this thread has been long enough, so I'll bring my 2c shortly:

- I agree the real name may be a good thing, but that is should not be changed
- I also think that, security-wise what it brings is limited (now: it's not "nothing", but it's limited)
- The default minimum lengths set for new users login/pwd in the core should be changed (by default it's 3 and 5 chars, which is not enough)... admins can change them, so no big deal, it's just that by default XOOPS should be installed with something like 6 and 8.
- We cannot "expect" users to use a safe complex password, but we can force them Maybe adding an option for admins to enforce complex passwords (so dumb ones are refused) would be nice too (I'll try to find a way to implement that one)

skalpa.>
Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

50
gtop00
Re: Protest Thread to *REMOVE* Displayname Field From Xoops...
  • 2006/2/5 23:10

  • gtop00

  • Friend of XOOPS

  • Posts: 498

  • Since: 2004/11/13


Quote:

skalpa wrote:
..., it's just that by default XOOPS should be installed with something like 6 and 8.
- We cannot "expect" users to use a safe complex password, but we can force them Maybe adding an option for admins to enforce complex passwords (so dumb ones are refused) would be nice too (I'll try to find a way to implement that one)

skalpa.>


Thanks skalpa, that's a constructive approach!

Login

Who's Online

160 user(s) are online (60 user(s) are browsing Support Forums)


Members: 0


Guests: 160


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits