Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
I understand the need for additional security and applaud the effort, even if it was something that was implemented as a result of a low risk threat. Really though, I think this solution isn’t whats best for textpattern – I think session based security would be best, even if it does require additional code / tables.
Offline
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
As someone who regularly has to check sites in 5 different browsers I have to say that this isn’t causing me any problems at all. You don’t have to login with all those browsers. Just visit the site page. Of course I am only checking things visually but never-the-less I welcome the additional security.
If someone needs to login with another browser and can’t spare 5 seconds or so to logout with their current browser I have to say their future doesn’t look too bright. ;)
Last edited by thebombsite (2008-02-21 14:22:48)
Stuart
In a Time of Universal Deceit
Telling the Truth is Revolutionary.
Offline
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
It gets annoying when you test an administrative plugin in different browsers. Having to do it occasionally is ok, having to do it everytime you need to check in a different browser is not.
Offline
#16 2008-02-21 15:30:21
- Neko
- Member
- Registered: 2004-03-18
- Posts: 458
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
You should agree anyway that that’s a very rare event and that it doesn’t impact on the majority of TXP users.
Anyway, I guess that’s why we have a public Trac install and that’s why devs asked to the community to beta-test 4.0.6 before its release.
Offline
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
TheEric wrote:
It gets annoying when you test an administrative plugin in different browsers.
As I said before, you can create multiple users in TXP, one for each browser, if that bothers you. Name the user after the browser or OS used, each with the same password. Easy and fast to set up. Definitely not worth spending time to re-write the authentication code for that reason.
Offline
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
i actually applaud the effort … i was taken aback and somewhat annoyed, but i think the benefits far outweigh the negatives. still i did do a flash based cookie test that could be used on the same machine crossbrowser, but alas this will not solve a multiple machine scenario.
nuff-respec ::: dannyb
Offline
#19 2008-03-12 02:35:54
- eddiejanzer
- New Member
- Registered: 2008-03-12
- Posts: 4
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
I’m not a developer but I think the issue you all are talking about pertains to my problem. I designed a site for a client, and over the phone as I try to talk him through the admin of textpattern, we keep getting sent back to login, and lose the work. I have all day trying to figure out what’s going on. Is this it? One user is logging on with another computer and I’m here trying to do the same thing on the same site?
Offline
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
Yes … if you are both using the same login credentials then you are both competing for a session. You both can’t simultaneously do things, unless you set up a separate account.
nuff-respec ::: dannyb
Offline
#21 2008-03-12 02:46:51
- eddiejanzer
- New Member
- Registered: 2008-03-12
- Posts: 4
Re: odd subject but...overly aggressive security? (new nonce/cookie setup)
I’m just glad it’s not me. I can work with that, thanks for letting me know.
Offline