[isf-wifidog] Possible problem with Laika

Michael Lenczner michaellenczner at yahoo.ca
Mon 7 Mar 10:59:22 EST 2005


1) we need to let people know that the verification
email can often be found in their junk mail.

2) I think it might be useful to revisit why we have
this system in the first place  - specifically, I'm
wondering whether we should give someone 24 hours
access before we lock them out?

mike

 --- Philippe April <isf_lists at philippeapril.com> wrote:
> On Mon, Mar 07, 2005 at 01:09:22AM -0500, Benoit Grégoire wrote:
> > > 2. I just realized, if I did like a lot of people and double-click on
> > > links instead of single-clicks, well I'd probably get an error message
> > > at the login page. Therefore, I would not get the "you get 15 minutes
> > > of access, please go ahead, thank you" but "Access denied" or something
> > > like that, because the token would already have been used.
> >
> > The token shouldn't be burned by a double-login, there's a problem with our
> > login.
>
> The token (right now), should not be reused by anyone.
>
> That's why we tag it "IN_USE" or not in the database.
>
> Now, if we don't mind, we can let the token be used again if the token
> is "IN_USE".
>
> We'd have to make sure that WiFiDog reacts correctly to that. If it's
> given the same token twice in a row in a matter of seconds, it could get
> tricky, we just have to test it and see how it goes.
>
> Basically that would change the message displayed to the user from
> "Error" to "Welcome!", much better for the user.
>
> I think we check if the token matches with the IP address of the client
> so it should be safe.
>
> > What are we trying to prevent by not opening all ports in validation?
>
> I think the idea for that validation period was just for validating the
> email address, therefore only the main mechanisms should be open (80,
> 110, 143, 443 and such).
>
> Now, of course you can tunnel anything through 22 and that'd work too
> (so you could "exploit" the validation period even if we don't really
> care).
>
> If we don't think that's valid anymore, we can always make the rules
> less strict but leave the functionality in.
>
> > > Perhaps we should be a bit closer to the users. How about just taking
> > > time to walk into a frequently visited cafe to ask the users "now, how
> > > was signing-up and all? painful?"
> >
> > Yes we should, but I refuse to go to café Supreme...
>
> :)
>
> --
> Philippe April
> GnuPG: http://key.philippeapril.com/
> Skype ID: mousetrap
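Added example, not part of the original thread and not WiFiDog's own code: a sketch of the token check discussed in the quoted message, where a token already marked "IN_USE" is accepted again only from the same client IP and only within a few seconds of first use, so a double-click gets "Welcome!" instead of an error. The class and function names, the `UNUSED` status, the result strings and the 10-second window are assumptions; only `IN_USE` and the IP match come from the thread.

```python
import time
from dataclasses import dataclass
from typing import Optional

UNUSED, IN_USE = "UNUSED", "IN_USE"   # IN_USE is from the thread; UNUSED is assumed
REPLAY_GRACE_SECONDS = 10             # assumed meaning of "a matter of seconds"


@dataclass
class Token:
    value: str
    client_ip: str                    # IP the token was issued to
    status: str = UNUSED
    first_used_at: Optional[float] = None


class TokenStore:
    """In-memory stand-in for the auth server's token table (hypothetical)."""

    def __init__(self):
        self._tokens = {}

    def issue(self, value, client_ip):
        self._tokens[value] = Token(value, client_ip)

    def validate(self, value, client_ip, now=None):
        now = time.time() if now is None else now
        tok = self._tokens.get(value)
        if tok is None:
            return "DENIED_UNKNOWN"
        # Check the IP binding before looking at the status, so a token
        # presented from another address is refused in every state.
        if tok.client_ip != client_ip:
            return "DENIED_IP_MISMATCH"
        if tok.status == UNUSED:
            tok.status, tok.first_used_at = IN_USE, now
            return "WELCOME"
        # Token is IN_USE: treat a repeat from the same client inside the
        # grace window as the same login (double-click), not as reuse.
        if now - tok.first_used_at <= REPLAY_GRACE_SECONDS:
            return "WELCOME"
        return "DENIED_ALREADY_USED"


if __name__ == "__main__":
    store = TokenStore()
    store.issue("tok-constructed", "192.0.2.10")      # constructed sample values
    for ip, t in [("192.0.2.10", 100.0), ("192.0.2.10", 101.0),
                  ("192.0.2.99", 102.0), ("192.0.2.10", 200.0)]:
        print(ip, t, store.validate("tok-constructed", ip, now=t))
```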