That doesn't sound secure enough. I would suggest that when a user "registers"
to use the web interface, their browser should be sent a random unique "user
ID", and the user ID should also be sent to the email address they registered
with. If they cancel the message via NNTP or email, their email address serves
as their identity, and if they cancel via their web browser the cookie is their
identity -- but if they have changed their email address or lost their cookies,
they could type in the ID. So the ID verifies their identity and only has to be
used in rare cases.

On a related note, I just had to "register" again today because I am accessing
the web from a different machine, and it annoyed me that I couldn't log in to
LUGNET with a user ID and password to get my cookies reinstated.

- Robert

In lugnet.faq, Larry Pieniazek writes:
> [...] I think having a way to cancel a message from the web (which
> perhaps was reviewed by a human to verify bona fides) would be a good
> thing. I would make the interface such that one could request the cancel
> even if one was not set up to web post...
> [...]
|
Boy, that was stupid. I really do wish I could cancel messages.

I just realized that there is a "confirmation code", which right now is used
when you request having a newsgroup sent to you via email (the page where this
happens is http://lugnet.com/news/mail/setup/).

So I'll modify my suggestion and say, if you want to cancel a message you
should either have the confirmation code already in your browser as a cookie,
or you should be sending email from the email address that the message is
currently linked to (the email address you had when you posted the message), or
you should manually supply the confirmation code.

In lugnet.faq, Robert Munafo writes:
> That doesn't sound secure enough. I would suggest that when a user "registers"
> to use the web interface, their browser should be sent a random unique "user
> ID", [...]
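
The three-way cancel check proposed above, sketched as an added example; it is not part of the original posts and is not LUGNET's code. The record fields (`posted_from`, `confirmation_code`) and the function names are hypothetical, and the email path assumes the mail gateway has already verified the sender address.

```python
import hmac
import secrets


def new_confirmation_code() -> str:
    """Issue an unguessable code at registration (set as cookie, copy emailed)."""
    return secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG


def _code_matches(supplied, expected) -> bool:
    # Constant-time comparison; a missing or empty value never matches.
    if not supplied or not expected:
        return False
    return hmac.compare_digest(supplied.encode(), expected.encode())


def may_cancel(message, cookie_code=None, sender_email=None, typed_code=None):
    """Return the proof that authorises cancelling `message`, or None.

    Accepted proofs, in the order the post lists them:
      1. the confirmation code held in the browser cookie,
      2. mail sent from the address the message was posted under
         (assumption: the gateway verified that address; this only compares),
      3. the confirmation code typed in by hand.
    """
    expected = message.get("confirmation_code")
    if _code_matches(cookie_code, expected):
        return "cookie"
    posted_from = (message.get("posted_from") or "").strip().lower()
    if sender_email and posted_from and sender_email.strip().lower() == posted_from:
        return "email"
    if _code_matches(typed_code, expected):
        return "typed-code"
    return None


# Constructed sample record; the address and id are placeholders.
SAMPLE = {
    "id": "<constructed-message-id@example.com>",
    "posted_from": "poster@example.com",
    "confirmation_code": new_confirmation_code(),
}

if __name__ == "__main__":
    print(may_cancel(SAMPLE, cookie_code=SAMPLE["confirmation_code"]))
    print(may_cancel(SAMPLE, sender_email="Poster@Example.com"))
    print(may_cancel(SAMPLE, typed_code="wrong-guess"))
```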
|
In lugnet.faq, "Robert Munafo" <munafo@gcctech.com> writes:
> On a related note, I just had to "register" again today because I am accessing
> the web from a different machine, and it annoyed me that I couldn't log in to
> LUGNET with a user ID and password to get my cookies reinstated.

This is because there aren't any "user accounts" on the server...everything
is stored on the client (just like a newsreader). However, with
memberships, we can store all of that neat stuff on the server and only
burden the client with a tiny ID cookie.

--Todd