xoops forums

Mandlea

Just popping in
Posted on: 2006/2/4 12:47
Mandlea
Mandlea (Show more)
Just popping in
Posts: 25
Since: 2006/2/3 0
#1

Protest Thread to *REMOVE* Displayname Field From Xoops...

Hi XOOPS Users,

This is a protest thread which will hopefully encourage the XOOPS Development Team to _REMOVE_ or at least make OPTIONAL the new "Displayname" field / feature from the XOOPS system.

Please read the following thread for more of an insight into some of the difficulties it is causing XOOPS Admins: Click here

If you haven't yet come across this new obscure addition to XOOPS v2.2.*, basically what it is is a new field added to the registration called DISPLAYNAME. This field/variable in XOOPS is displayed to other users rather than their loginname. So basically their login name is hidden and secret and they have a displayname which is shown to the public.

All well and good you may think, but this new whacky feature also allows your users to *CHANGE* their displayed name *WHENEVER* they feel like it. For example: no longer do your users have to be quite as cautious about their behaviour on your boards because if they get a bad reputation they can simply CHANGE their name and conceal their old community Identity. Not so cool for communities which rely on the immediate identification and REFERENCE of display names that have become "know" on the site.

Many communities are built around it's users and in this world of constantly changing identities and confussion over who is REALLY who on the net, the ONE SINGLE constant you hope to be able to rely on is a board member's USERNAME. It is the key to that user and they are not able to cloak or mystify themselves by SUDDENLY changing their DISPLAYEDNAME...........THAT IS UNTIL XOOPS 2.2.* allowed them this luxury!

The worst thing about this silly new feature is that it is COMPULSORY to your XOOPS system. You as the Admin have no control over this feature! There is no way to configure this out of your Extended Profile module.

XOOPS DEV TEAM....please listen before this DISPLAYNAME variable becomes too INGRAINED in the general system and 3rd party modules. This is not a "cool new security feature", it is a DESIGN BUG which 95% of Admins do not want or need! Unix Systems(the most *SECURE* OS/servers known to man) have gone decades without such a silly system...so why does XOOPS need this??

If you feel it really IS necassary to Xoops, please make it OPTIONAL because most of us Admins will want the freedom to tick the "This feature is Not Wanted" check-box.

DEAR READER....please support this protest by posting your desire to see this feature REMOVED or at least made optional.

Thank you!

davidl2

XOOPS is my life!
Posted on: 2006/2/4 12:51
davidl2
davidl2 (Show more)
XOOPS is my life!
Posts: 4843
Since: 2003/5/26
#2

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

It is quite an essential thing to keep in, as it makes it much harder to guess the actual loging security name, and therefore to guess someone elses login.

A good suggestion, rather than remove this useful security feature, is an option to lock the username so it cannot be edited by ordinary users - only admins or webmasters. Therefore preventing silly people changing their names as and when they want to.

davidl2

XOOPS is my life!
Posted on: 2006/2/4 12:54
davidl2
davidl2 (Show more)
XOOPS is my life!
Posts: 4843
Since: 2003/5/26
#3

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

PS: edited your post to remove the long url with a tidy link as it messes up the site formatting.

bb2120

Not too shy to talk
Posted on: 2006/2/4 12:54
bb2120
bb2120 (Show more)
Not too shy to talk
Posts: 179
Since: 2005/7/6 1
#4

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

I agree, get rid of displaynames, or, at least, make them optional. Instead, users could be forced to have a password longer than 8 digits

Mandlea

Just popping in
Posted on: 2006/2/4 13:11
Mandlea
Mandlea (Show more)
Just popping in
Posts: 25
Since: 2006/2/3 0
#5

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Quote:

davidl2 wrote:
It is quite an essential thing to keep in, as it makes it much harder to guess the actual loging security name, and therefore to guess someone elses login.

A good suggestion, rather than remove this useful security feature, is an option to lock the username so it cannot be edited by ordinary users - only admins or webmasters. Therefore preventing silly people changing their names as and when they want to.


David...thanks for cleaning up the URL

Well, I have to say that for my needs and my particular "community based" portal, this feature is totally pointless overkill. Very rarely would you have hackers trying to hack into my accounts and if they did, there really would not be much of any interest to find in a "general users" profile.

Now having this feature for the ADMINISTRATORS account would be very useful, I agree. But for general registration and users it is not needed on I guess 95% of XOOPS based websites.

Even making the ability for users to change their displayname OPTIONAL but still having the burden/confussion of having to enter both a displayname AND username for new registrations is not desireable. Admins should have the freedom to have it COMPLETELY TRANSPARENT to the users of his site. And simply use the old/established ONE CONSTANT username system

Like I say, I agree that it would be a good security feature for ADMIN / MOD accounts but (for most sites) us admins do not really want our users to have to deal with what a USERNAME is vs. what a DISPLAYNAME is. It's just unescassry baggage and clutter duering a new user registration!

birdseed

Just popping in
Posted on: 2006/2/4 13:23
birdseed
birdseed (Show more)
Just popping in
Posts: 59
Since: 2005/2/26
#6

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Hi

I also fully agree with this. My 20000 Members community, online since 2002, has never been hacked by using the loginname an guessing the password.

greetings
birdseedmusic

davidl2

XOOPS is my life!
Posted on: 2006/2/4 14:31
davidl2
davidl2 (Show more)
XOOPS is my life!
Posts: 4843
Since: 2003/5/26
#7

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Just because an attempt hasnt been made on the site, doesnt mean to say that one *wont* be... and anything to help prevent that is a big big plus.

Perhaps it may be an idea to have the option to make it optional ... but if so, I hope this feature is turned on by default - and a warning that disabling it will increase the chance of hack attempts on the site...

skenow

Home away from home
Posted on: 2006/2/4 15:26
skenow
skenow (Show more)
Home away from home
Posts: 993
Since: 2004/11/17
#8

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

I tend to agree with David on this - the feature isn't that confusing, and it does provide another level of security. I would only ask that the DISPLAYNAME have the same configuration as the user email field - allow the admin to turn on/off user edits of that field. Also, because of some of my sites need to be monitored for acceptable content (my church's, for example), I would like notification/approval for any changes, if the user can edit.

Mandlea

Just popping in
Posted on: 2006/2/4 15:49
Mandlea
Mandlea (Show more)
Just popping in
Posts: 25
Since: 2006/2/3 0
#9

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

Quote:

skenow wrote:
I tend to agree with David on this - the feature isn't that confusing, and it does provide another level of security. I would only ask that the DISPLAYNAME have the same configuration as the user email field - allow the admin to turn on/off user edits of that field. Also, because of some of my sites need to be monitored for acceptable content (my church's, for example), I would like notification/approval for any changes, if the user can edit.


I feel, no matter what, there _definitely_ needs to be the option to prevent users CHANGING their display name. That is a given and I really have a difficult time understanding quite how the XOOPS team could possibly have implimented this feature without enabling Admins to be able to PREVENT users from changing their Displayname.

I think there will be a divide amoung XOOPS users as to whether this "feature" is useful or not. Both sides have valid reasons. Some, like you, will want to make use of it but others (and I guess the majority) will see this as an INTRUSION of their registration process. It will simply be an annoying, unecessary field to them; cluttering-up what they want to be a MINIMAL/QUICK registration process.

My argument is that sites have managed PERFECTLY well without this extra field for decades. I'm not denying that hackers CAN be a problem and anything to prevent them is welcome, but - in all honestly - for MOST sites, they are not an issue. Birdseed's post above is a prime example - running a site with 20000 since 2002 and no hacking attempts. I myself have never had a problem with account hackers them either.

And please note I DO actually think this is an EXCELLENT idea for ADMIN and MOD accounts, but for user accounts on most sites it is nothing more than annoying overkill.

If XOOPS insist on having this Displayname field than it should be implimented in a TOTALLY optional way for Admins. That way those who want to increase security can and those grown-up enough to understand the "risks" (which are very minimal) involved in NOT using it are not *FORCED* to do so.

This is an obscure feature, not the NORM in CMS's, so please do not make us use this when many will see no need for it. If XOOPS do not impliment this feature in an optional manner they will force people, like me, to HACK the XOOPS Profile modules. If people, like me, are not exactly expert PHP coders this will be an even BIGGER security risk than single user names!

guardian2k1

Not too shy to talk
Posted on: 2006/2/4 15:59
guardian2k1
guardian2k1 (Show more)
Not too shy to talk
Posts: 114
Since: 2004/12/23
#10

Re: Protest Thread to *REMOVE* Displayname Field From Xoops...

I think if the new features of 2.2 bother you this much why did you upgrade? 2.2 is basically a floating version and will eventually be killed off when 2.4 is available for us. As for putting *protest* in the subject. I think is a little immature and not the way to go about things.

Just my 2 cents.
"Linux is extremely user-friendly. It also happens to be extremely selective when picking its friends."

http://www.nuxified.com | http://debcentral.org