Login Questions

Post Reply

Page <12

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 3:44pm
	Although I have yet to go as far as having a sepporate password for the admin section of the forum I have changed the login procedure for version 8. The next beta version will be testing a new admin login fetaure, whereby auto login is not enabled for the admin section and the user needs to re-enter the admin password to enter the admin section. They will also need to re-enter the admin password to enter the admin section after 20 minutes of in-activity, if they forget to logout.
	Web Wiz Forums Hosting ASP.NET Web Hosting

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 4:49pm
	For the average admin, I wouldn't have a different password for the admin section. Since most admins don't access the admin section that often, that's asking for problems with forgotten admin passwords. But for me it works out okay because I use different passwords for regular logins and admin logins anyway.
	WisTex Solutions CaribbeanChoice Forums

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 4:54pm
	Thats what is putting me off changing the system to have a sepporate password for the admin section. As it is not accessed often people are going to forget the password, leading to loads of 'I've forgotten my admin password' support questions. Although another idea I have had is to use an admin question and awnser, so when entering the admin section, the admin has a quetsion they have set themselve's, such as, 'what is your favourite colour?'. That way hopefully the admin wouldn't forget the anwser.
	Web Wiz Forums Hosting ASP.NET Web Hosting

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 4:56pm
	Also, for beta 2, for the main user login, because users are complaining about the CAPTCHA security images, I have changed the user login page so that the CAPTCHA images only appear after the 3rd un-sucessful login attempt.
	Web Wiz Forums Hosting ASP.NET Web Hosting

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 5:05pm
	That's good. That CAPTCHA thing was annoying me. I like the 3rd unsuccessful attempt implementation. I wouldn't use a different username and password, just track login seperately and not allow auto-login for the admin section. I think that would be sufficent for admins who forget to logout of the forums or who use auto-login. Even if someone came to the same computer and tried to do an admin function, they would have to know the password. And if they know that, your doomed from the start. The admin question is overkill in my thinking.
	WisTex Solutions CaribbeanChoice Forums

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 5:12pm
	Also, I heard you mention that you were deleting most admin functionality from the forums and moving it to the admin section for security reasons. Please don't do that. What would be better is keeping the admin links like you have now, but require the admin to relogin as the admin if they haven't relogged in as the admin in 20 minutes. The link could take you to a specific page in the admin section which, of course, requires the relogin that you are talking about. Also, can we get rid of the frames in the admin?
	WisTex Solutions CaribbeanChoice Forums

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 5:39pm
	The only admin functionality removed from the main forum and now only available in the admin section is being able to change forum names and descriptions from the main forum. These such features are only used rarely and are just another way for a hacker to screw things up. I will consider removing frames from the admin section, but it not high priority at the moment as I want to get beta 2 out ASAP.
	Web Wiz Forums Hosting ASP.NET Web Hosting

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 13 February 2006 at 6:43pm
	That's okay. Luckily I don't have to go into the WWF admin section too much. And for some things I've written my own admin pages (i.e. so I can find a user by e-mail for example).
	WisTex Solutions CaribbeanChoice Forums

Post Reply	Page <12

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum