Hi,
I am setting up phpBB version 3.0.0 and I noticed that there is a problem on the Forum Permissions setup page, whereby the UI is ambiguous. This is the page that says:
Groups’ forum permissions
Here you can assign forum permissions to groups.
Select a forum
You are able to select more than one forum.
Select a forum:
On this page, it has a check box for selecting "All forums." The ambiguity is that it does not specify if this selection specifies only all currently existing forums, or if it specifies all forums which exist now and in the future. I mean, it's probably 99% certain that the latter case describes the function of this selection, and a person could quickly run through a test to verify this, as the latter functionality is quite a bit more useful than the former, however, in any case this should be clarified. To clarify this would save your users the trouble of reverse engineering it or would save them the the risk of making an assumption as to it's function. This is pretty much the first setting at least 50% of your users will need to customize, as right out of the box a lot of users will want to lock guests out of the message board. So, this ambiguity doesn't give the user a good first impression.
As far as security goes, allowing guests (and bots) to log in by default is like shipping a file sharing software that by default gives anonymous full access to the user's PC's entire file structure. What are you thinking!? At the very least there should be a single setting that makes the board private, so that the average clueless user can stand a fighting chance of keeping it private if that is their intended application.
forum permissions UI is ambiguous, & a security complaint
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
-
alreadyinuse
- Registered User
- Posts: 6
- Joined: Sat May 03, 2008 10:12 am
-
karlsemple
- Registered User
- Posts: 480
- Joined: Mon Jan 23, 2006 8:49 am
- Location: Hereford
- Contact:
Re: forum permissions UI is ambiguous, & a security complaint
phpBB3 by default allows no one access to the forums on the board, thus all forums are private until you set them otherwiseAs far as security goes, allowing guests (and bots) to log in by default is like shipping a file sharing software that by default gives anonymous full access to the user's PC's entire file structure. What are you thinking!? At the very least there should be a single setting that makes the board private, so that the average clueless user can stand a fighting chance of keeping it private if that is their intended application.
