[thesite] aeo: login page, security risk?

isaac isaac at members.evolt.org
Wed Aug 29 19:56:21 CDT 2001


> So thats my feeling, what about everyone else?

It's certainly a valid concern. Not particularly crucial given that
usernames are listed on WEO openly, but still...

My thoughts on why this was originally implemented (and I don't know for
sure) is that AEO is not open to the wider membership by default. It kinda
stops people trying to login and find out that their WEO login doesn't work
on AEO.

That said, if they don't find their username in the dropdown, there is no
link or information about why it's not there, or how they can get involved.
The FAQ button links to the wider evolt.org FAQ, rather than a specific AEO
FAQ (which I'm sure we'll get around to).


Maybe the solution is to dump the dropdown and go with two text inputs, and
provide some text that outlines the differences between a WEO and AEO login?


isaac

--------------------------------------------------------------
triple zero digital | upstairs at 200 the parade, norwood 5067
(08)83320545 | www.triplezero.com.au | isaac at triplezero.com.au





More information about the thesite mailing list