[isf-wifidog] Possible problem with Laika

[Philippe April]

On Mon, Mar 07, 2005 at 01:09:22AM -0500, Benoit Grégoire wrote:
> > 2. I just realized, if I did like a lot of people and double-click on
> > links instead of single-clicks, well I'd probably get an error message
> > at the login page. Therefore, I would not get the "you get 15 minutes
> > of access, please go ahead, thank you" but "Access denied" or something
> > like that, because the token would already have been used.
> 
> The token shouldn't be burned by a double-login, there's a problem with our 
> login.

The token (right now), should not be reused by anyone.

That's why we tag it "IN_USE" or not in the database.

Now, if we don't mind, we can let the token be used again if the token
is "IN_USE".

We'd have to make sure that WiFiDog reacts correctly to that. If its
given the same token twice in a row in a matter of seconds, it could get
tricky, we just have to test it and see how it goes.

Basically that would change the message displayed to the user from
"Error" to "Welcome!", much better for the user.

I think we check if the token matches with the IP address of the client
so it should be safe.

> What are we trying to prevent by not opening all ports in validation?

I think the idea for that validation period was just for validating the
email address, therefore only the main mechanisms should be open (80,
110, 143, 443 and such).

Now, of course you can tunnel anything through 22 and that'd work too
(so you could "exploit" the validation period even if we don't really
care).

If we don't think that's valid anymore, we can always make the rules
less strict but leave the functionality in.

> > Perhaps we should be a bit closer to the users. How about just taking
> > time to walk into a frequently visited cafe to ask the users "now, how
> > was signing-up and all? painful?"
> 
> Yes we should, but I refuse to go to café Supreme...

:)

-- 
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap