Development Discussion Board

Getting rid of the memberlist on the grounds of security is daft, it's nothing but security through obscurity. Those accounts you'd want to brute force are likely to be listed in your replacement, administrators etc. and you can always just go harvest addresses from all over the board. As to the us...

Personally, I don't care which browser people use. I just want the applications that they use, that are administered by me, do not betray their trust. Every day you read about some hacker hacked into this or that (such as some financial institution and stole credit information....from places that ar...

Not sure how splitting the display name and login name will be beneficial with regards to this. Not only will a user have to remember their password but also their login name because it's not the same one being displayed. That will push users away, not attract them no matter how secure YOU think it...

Bottom line is it WILL be a nuisance no matter how much YOU think it will not be. :roll: I hate to break the news to you but not everyone uses FireFox (not sure if Chrome has this) so the feature you mentioned that the username field is filled in automatically will not be available on all browsers ...

It would be nice if Rhea supported decoupling the logon username from the display name by default, so that you could specify that the username be anything that falls into a specified ruleset, but the display name on the forums is something different....that way someone that gains access to the memb...

CAPTCHA was only one of many possible brute force attack prevention measures. Even when a CAPTCHA is broken like many have been in the past, success rates of cracker are still way below 100% and it requires a noticeable amount of computing time. Considering that currently, phpBB has customizable CA...

The argument about logging in is not valid considering you can enable login CAPTCHA after a set number of unsuccessful tries. Yes, because CAPTCHA is the be-all, end-all answer for security, right? It will not take long for that to go bye-bye as a security measure against automated attacks....tell ...

It would be nice if Rhea supported decoupling the logon username from the display name by default, so that you could specify that the username be anything that falls into a specified ruleset, but the display name on the forums is something different....that way someone that gains access to the membe...