I finally came to the realization that the time I've spent getting
to know the software enough to make the few changes I wanted would
be wasted if I didn't do a good reorganization that the code badly
needs. Hopefully that will also help us diagnose some of its
performance and scalability problems (for example, I've already
found that the code as it is now does 14 database queries to display
the front page!)

So, I'm refactoring the code and documenting as I go, but I want
to get an opinion from not only the tech folks but the list at
large about what the login/logout behavior should be.

Question 1: What is the behavior of the "remember password" user
option supposed to be? Please don't describe code details--I need
to know WHAT it's supposed to do, not HOW (because I'm changing
the latter). We already save the user's ID and some settings in
a cookie (we have to to handle prefs), and we delete the cookie
when the user explicitly logs out (which is good for security),
requiring him to log in and specify his password again. So what's
the difference between a user with this setting and a user without
it? Do we want to retain the user's password in a cookie even when
he logs out? We don't do that currently, so I'm just not clear
what the option is supposed to do.

Question 2: What's a reasonable cookie expiration? It's currently
a year, but I'm thinking a week or a month might be better for
security.

Question 3: Do we "trust" cookies for such issues as sysop access?
Some anonymous user could, for example, mock up the cookies of a
logged-in sysop and start deleting things. Should we take measures
to secure against that, or just be more relaxed and rely on making
frequent backups?
--
Lee Daniel Crocker <lee@piclab.com> <http://www.piclab.com/lee/>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC
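
As an added illustration of Questions 2 and 3 above (not part of the original message and not the wiki software's own code): one way a server can refuse mocked-up cookies is to attach a MAC, computed with a server-only key, over the user ID and an expiry time, and to look up sysop rights on the server instead of reading them from the cookie. The key, the cookie layout, the function names and the `SYSOP_IDS` set are assumptions made for this example.

```python
import hashlib
import hmac

# Assumption: a secret that never leaves the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key"
# Assumption: privileges live in the server's user table, never in the cookie.
SYSOP_IDS = {1}
ONE_WEEK = 7 * 24 * 3600  # the shorter lifetime floated in Question 2


def _sign(payload: str) -> bytes:
    """HMAC-SHA256 over the payload, hex-encoded as bytes."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()


def issue_cookie(user_id: int, now: int, lifetime: int = ONE_WEEK) -> str:
    """Return 'user_id|expires|mac'; the MAC covers both fields."""
    payload = f"{user_id}|{now + lifetime}"
    return f"{payload}|{_sign(payload).decode()}"


def verify_cookie(cookie: str, now: int):
    """Return the user ID for an authentic, unexpired cookie, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user_id, expires, mac = parts
    # Constant-time comparison; fails if any field was edited client-side.
    if not hmac.compare_digest(mac.encode(), _sign(f"{user_id}|{expires}")):
        return None
    try:
        uid, exp = int(user_id), int(expires)
    except ValueError:
        return None
    # Expiry is enforced by the server, not by the browser's cookie store.
    if exp <= now:
        return None
    return uid


def is_sysop(cookie: str, now: int) -> bool:
    """Sysop status comes from server-side data keyed by the verified ID."""
    uid = verify_cookie(cookie, now)
    return uid is not None and uid in SYSOP_IDS
```
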