odd subject but...overly aggressive security? (new nonce/cookie setup)

TheEric · 2008-02-21 13:05:37

I understand the need for additional security and applaud the effort, even if it was something that was implemented as a result of a low risk threat. Really though, I think this solution isn’t whats best for textpattern – I think session based security would be best, even if it does require additional code / tables.

thebombsite · 2008-02-21 14:20:16

As someone who regularly has to check sites in 5 different browsers I have to say that this isn’t causing me any problems at all. You don’t have to login with all those browsers. Just visit the site page. Of course I am only checking things visually but never-the-less I welcome the additional security.

If someone needs to login with another browser and can’t spare 5 seconds or so to logout with their current browser I have to say their future doesn’t look too bright. ;)

Last edited by thebombsite (2008-02-21 14:22:48)

TheEric · 2008-02-21 15:13:32

It gets annoying when you test an administrative plugin in different browsers. Having to do it occasionally is ok, having to do it everytime you need to check in a different browser is not.

Neko · 2008-02-21 15:30:21

You should agree anyway that that’s a very rare event and that it doesn’t impact on the majority of TXP users.

Anyway, I guess that’s why we have a public Trac install and that’s why devs asked to the community to beta-test 4.0.6 before its release.

ruud · 2008-02-21 15:51:13

TheEric wrote:

It gets annoying when you test an administrative plugin in different browsers.

As I said before, you can create multiple users in TXP, one for each browser, if that bothers you. Name the user after the browser or OS used, each with the same password. Easy and fast to set up. Definitely not worth spending time to re-write the authentication code for that reason.

dbulli · 2008-03-06 20:19:13

i actually applaud the effort … i was taken aback and somewhat annoyed, but i think the benefits far outweigh the negatives. still i did do a flash based cookie test that could be used on the same machine crossbrowser, but alas this will not solve a multiple machine scenario.

Cross Browser Cookies with Flash

eddiejanzer · 2008-03-12 02:35:54

I’m not a developer but I think the issue you all are talking about pertains to my problem. I designed a site for a client, and over the phone as I try to talk him through the admin of textpattern, we keep getting sent back to login, and lose the work. I have all day trying to figure out what’s going on. Is this it? One user is logging on with another computer and I’m here trying to do the same thing on the same site?

dbulli · 2008-03-12 02:40:43

Yes … if you are both using the same login credentials then you are both competing for a session. You both can’t simultaneously do things, unless you set up a separate account.

eddiejanzer · 2008-03-12 02:46:51

I’m just glad it’s not me. I can work with that, thanks for letting me know.

Textpattern CMS

Textpattern CMS support forum

#13 2008-02-21 13:05:37

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#14 2008-02-21 14:20:16

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#15 2008-02-21 15:13:32

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#16 2008-02-21 15:30:21

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#17 2008-02-21 15:51:13

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#18 2008-03-06 20:19:13

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#19 2008-03-12 02:35:54

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#20 2008-03-12 02:40:43

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

#21 2008-03-12 02:46:51

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

Board footer