Textpattern CMS support forum


#11 2008-02-21 09:19:30

marios
Plugin Author
Registered: 2005-03-12
Posts: 1,253

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

ruud wrote:

Going back to the old authentication method is not an option.
Why is the first suggested workaround (create a few users, one for each testing PC/browser) not an option?

Maybe this is because, if you want to test something specific, some code might behave differently based on which user you are logged in as. (Code that has username, id as arguments.)
Not that I really have a deep understanding of these things, but I think a preference to switch this off when in debugging or testing would be something useful.

regards, marios



Offline

#12 2008-02-21 09:50:55

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

…but I think a preference…

That’s not possible (really, it isn’t). This is a side-effect of a security fix, not a feature change/addition. To get rid of the side-effect you would have to revert the security fix.

Offline

#13 2008-02-21 13:05:37

TheEric
Plugin Author
From: Wyoming
Registered: 2004-09-17
Posts: 564

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

I understand the need for additional security and applaud the effort, even if it was something that was implemented as a result of a low-risk threat. Really though, I think this solution isn’t what’s best for Textpattern – I think session-based security would be best, even if it does require additional code / tables.

Offline

#14 2008-02-21 14:20:16

thebombsite
Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

As someone who regularly has to check sites in 5 different browsers I have to say that this isn’t causing me any problems at all. You don’t have to log in with all those browsers. Just visit the site page. Of course I am only checking things visually but nevertheless I welcome the additional security.

If someone needs to log in with another browser and can’t spare 5 seconds or so to log out with their current browser I have to say their future doesn’t look too bright. ;)

Last edited by thebombsite (2008-02-21 14:22:48)


Stuart – The Bombsite | ProText Themes | Textgarden

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#15 2008-02-21 15:13:32

TheEric
Plugin Author
From: Wyoming
Registered: 2004-09-17
Posts: 564

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

It gets annoying when you test an administrative plugin in different browsers. Having to do it occasionally is OK; having to do it every time you need to check in a different browser is not.

Offline

#16 2008-02-21 15:30:21

Neko
Member
Registered: 2004-03-18
Posts: 458

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

You should agree anyway that that’s a very rare event and that it doesn’t impact on the majority of TXP users.

Anyway, I guess that’s why we have a public Trac install and that’s why devs asked the community to beta-test 4.0.6 before its release.

Offline

#17 2008-02-21 15:51:13

ruud
Developer emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

TheEric wrote:

It gets annoying when you test an administrative plugin in different browsers.

As I said before, you can create multiple users in TXP, one for each browser, if that bothers you. Name the user after the browser or OS used, each with the same password. Easy and fast to set up. Definitely not worth spending time to re-write the authentication code for that reason.

Offline

#18 2008-03-06 20:19:13

dbulli
Member
Registered: 2004-11-22
Posts: 195
Website

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

I actually applaud the effort … I was taken aback and somewhat annoyed, but I think the benefits far outweigh the negatives. Still, I did do a Flash-based cookie test that could be used on the same machine cross-browser, but alas this will not solve a multiple-machine scenario.

Cross Browser Cookies with Flash


nuff-respec ::: dannyb

Offline

#19 2008-03-12 02:35:54

eddiejanzer
New Member
Registered: 2008-03-12
Posts: 4

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

I’m not a developer but I think the issue you all are talking about pertains to my problem. I designed a site for a client, and over the phone as I try to talk him through the admin of Textpattern, we keep getting sent back to login, and lose the work. I have spent all day trying to figure out what’s going on. Is this it? One user is logging on with another computer and I’m here trying to do the same thing on the same site?

Offline

#20 2008-03-12 02:40:43

dbulli
Member
Registered: 2004-11-22
Posts: 195
Website

Re: odd subject but...overly aggressive security? (new nonce/cookie setup)

Yes … if you are both using the same login credentials then you are both competing for a session. You both can’t simultaneously do things, unless you set up a separate account.


nuff-respec ::: dannyb

Offline
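
An added example, not part of any post above and not Textpattern's code: a simplified Python model of why two logins on one account compete, assuming the login cookie is derived from a single per-user nonce that every login replaces. The class names, the SHA-256 cookie format and the usernames are constructed for illustration; `SessionTableAuth` sketches the session-table alternative raised earlier in the thread.

```python
import hashlib
import secrets


class SingleNonceAuth:
    """Assumed model: one nonce stored per user, replaced on every login."""

    def __init__(self):
        self.nonces = {}  # username -> current nonce

    def _cookie(self, user):
        digest = hashlib.sha256((user + self.nonces[user]).encode()).hexdigest()
        return f"{user},{digest}"

    def login(self, user):
        self.nonces[user] = secrets.token_hex(16)  # invalidates older cookies
        return self._cookie(user)

    def is_valid(self, cookie):
        user = cookie.split(",", 1)[0]
        if user not in self.nonces:
            return False
        return secrets.compare_digest(cookie.encode(), self._cookie(user).encode())


class SessionTableAuth:
    """Assumed alternative: one row per login, so sessions do not compete."""

    def __init__(self):
        self.sessions = {}  # token -> username

    def login(self, user):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self.sessions

    def revoke_all(self, user):
        # Older tokens stay valid until they are removed explicitly.
        self.sessions = {t: u for t, u in self.sessions.items() if u != user}


def shared_account(auth):
    """Two people log in as the same (constructed) user, one after the other."""
    first, second = auth.login("client"), auth.login("client")
    return auth.is_valid(first), auth.is_valid(second)


def separate_accounts(auth):
    """Workaround from the thread: one (constructed) user per browser."""
    a, b = auth.login("test-firefox"), auth.login("test-safari")
    return auth.is_valid(a), auth.is_valid(b)
```

With the single-nonce model the earlier cookie is rejected as soon as the second login happens, while separate accounts never interfere; the session-table model keeps both logins alive and needs `revoke_all` to end them.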
