Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 

Sign in to follow this  
nitro322

Forum Authentication Question

Recommended Posts

When I login to the MSFN forum I always check the "Remember Me" option, but that only seems to work if I return to the site using the same computer. If I change computers/OSes, I have to re-authenticate, even if I've alreade previously logged in and selected the "Remember Me" option from that system. Given that I regularly use 5 different systems/OSes, this can be quite annoying.

It may seem that this is simply how it's supposed to work, but I regularly browse the AutoIt and Hydrogenaudio forums as well, both of which appear to use the same forum software, and neither behaves the same way. Eg, if I login to AutoIt from my desktop, then login from my laptop, I will then remain logged in next time I visit from either system. If I were to do the same with MSFN, I'd have to login again from my desktop the next time I visited.

Is there any particular reason that the login system is setup like this on MSFN? I guess I can see it as a security feature, but it doesn't seem like it's worth the hassle on a site like this. I'd just like to know the rationale behind it.

Thanks.

Share this post


Link to post
Share on other sites

Hello nitro,

First of all i would like to point out that we have a " site and forum issues " forum for this... :)

second, this is indeed a security feature. Now you might wonder why we have it enabled... we have it enabled because we dont want anything to be screwed here. there are many good and bad points about this, but its better to be safe than sorry :)

regards,

Martin

Share this post


Link to post
Share on other sites
First of all i would like to point out that we have a " site and forum issues " forum for this... :)

Yeah, that's my bad. I thought there was a specific topic for questions like this, but I couldn't find it when looking through the list earlier. Obviously I need to look harder next time.

second, this is indeed a security feature. Now you might wonder why we have it enabled... we have it enabled because we dont want anything to be screwed here. there are many good and bad points about this, but its better to be safe than sorry :)

Oh, believe me, I understand that position. Believe it or not, I'm actually a security analyst by day (and script-fu ninja by night :)), and I've been giving this a good deal of thought before posting. I know it can help prevent session hijacking (among other things), but as I stated in my original post it just doesn't seem worth the inconvenience on a site like this. If there was any kind of sensitive data at all involved I'd understand, but considering this is a public forum, there isn't a whole lot of secrecy involved. What's worse, forcing users to continually reauthenticate, on an unencrypted site no less, could potentially expose them to various password sniffing, cross-site scripting, and man-in-the-middle attacks. That's actually more of an issue for me than the convenience factor - every time I submit my password in paintext, the security guru in me cries out in pain.

Of course, this is really only an issue for users that regularly visit from multiple systems, and I wouldn't think there's a significant percentage of them, but it is quite annoying when you're one of them. I'm not going to try to change your mind about this, as I'm sure you have your own reasons for it, but would it be possible to perhaps make this a user option as opposed to a global system option? Eg, when if I setup a new account then I'm restricted to logging in from a single system by default, just like today, but I have the option of setting it to allow me to login from multiple systems if I so choose.

Just a thought. Thanks for the reply.

Share this post


Link to post
Share on other sites

You could solve at least the convenience issue by using Firefox which remembers passwords. Opera might too, I dunno.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...