Search found 8 matches

by deer_buster
Mon Feb 01, 2010 9:41 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

Getting rid of the memberlist on the grounds of security is daft, it's nothing but security through obscurity. Those accounts you'd want to brute force are likely to be listed in your replacement, administrators etc. and you can always just go harvest addresses from all over the board. As to the us...
by deer_buster
Fri Jan 29, 2010 11:44 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

Personally, I don't care which browser people use. I just want the applications that they use, that are administered by me, do not betray their trust. Every day you read about some hacker hacked into this or that (such as some financial institution and stole credit information....from places that ar...
by deer_buster
Fri Jan 29, 2010 10:39 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

Not sure how splitting the display name and login name will be beneficial with regards to this. Not only will a user have to remember their password but also their login name because it's not the same one being displayed. That will push users away, not attract them no matter how secure YOU think it...
by deer_buster
Fri Jan 29, 2010 10:37 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

Bottom line is it WILL be a nuisance no matter how much YOU think it will not be. :roll: I hate to break the news to you but not everyone uses FireFox (not sure if Chrome has this) so the feature you mentioned that the username field is filled in automatically will not be available on all browsers ...
by deer_buster
Fri Jan 29, 2010 9:05 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

It would be nice if Rhea supported decoupling the logon username from the display name by default, so that you could specify that the username be anything that falls into a specified ruleset, but the display name on the forums is something different....that way someone that gains access to the memb...
by deer_buster
Fri Jan 29, 2010 7:56 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

CAPTCHA was only one of many possible brute force attack prevention measures. Even when a CAPTCHA is broken like many have been in the past, success rates of cracker are still way below 100% and it requires a noticeable amount of computing time. Considering that currently, phpBB has customizable CA...
by deer_buster
Fri Jan 29, 2010 6:41 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

Re: User Security

The argument about logging in is not valid considering you can enable login CAPTCHA after a set number of unsuccessful tries. Yes, because CAPTCHA is the be-all, end-all answer for security, right? It will not take long for that to go bye-bye as a security measure against automated attacks....tell ...
by deer_buster
Thu Jan 28, 2010 10:15 pm
Forum: [3.x] Discussion
Topic: User Security
Replies: 37
Views: 38039

User Security

It would be nice if Rhea supported decoupling the logon username from the display name by default, so that you could specify that the username be anything that falls into a specified ruleset, but the display name on the forums is something different....that way someone that gains access to the membe...