How did you conclude that contributors and participants need such strong authentication? Are brute force attacks really effective against random-looking passwords? I would've thought that amount of attempted logins would swamp the server anyway. And even if they get a contributor login, they can't make any changes that the administrator (you) can't reverse, right?
Anyway, it looks like you can get TOTP generators as browser add-ons, so I should be good.

On Sat, Jan 31, 2015 at 2:25 AM, Jonathan S. Shapiro <[email protected]> wrote:
> All:
>
> I've been silent on the list for the last three (or so) weeks, and I thought it might be polite to say why.
>
> Every so often I decide to resume or initiate a major project. Whenever I do, I think to myself: "Wouldn't it be nice to be able to engage the community of people who share these interests in a more interactive way? It would really help to have a mechanism to accept and incorporate comments, engage in discussions, and curate the results. Down the road it would be nice to capture the opinions and experience of the community good and bad." Every time this comes up I look into the state of CMS software. The proximate cause this time was that I wanted to develop the next draft specification for BitC publicly in such a way that all of you might contribute comments, critiques, and annotations.
>
> BitC cannot succeed as an n-man show for small n, and certainly not for n==1. If we are going to build an ecosystem, we need a persistent place for debate, discussion, [dis]agreement, convergence, and curation. Mailing lists work well when the discussion is "alive", but they don't provide a way to curate and summarize conclusions in actionable form.
>
> I have spent the last three weeks bringing up test deployments of Wordpress, Joomla, and Drupal. All three have improved dramatically since my last look. All three suffer from inadequate architectural coherence. All three suffer from security concerns as a consequence. It appears to me that it is now possible to put up an interactive website with a tolerable investment of administrative effort. It now appears plausible that Drupal can do the job, and can be deployed without substantially greater risk than the existing portfolio of Mailman+OSDoc. I've even found a few themes that, with minor modification, don't suck. :-)
>
> The main threats to a content management system are penetration and spam. When plugins are chosen judiciously, the risk of penetration seems manageable. Spam is endemic, and I simply don't have time to deal with that by hand. Passwords are now a lost cause from the standpoint of brute force attacks in any case, so here is my notional plan.
>
> I propose to set up a site having three roles:
>
> Readers, who do not require authentication. Readers cannot comment.
> Community: Those who participate in forums (discussions) and may comment on documents. Requires authentication.
> Participants: Those who have an active role in the project, either as authors, as curators, or as code contributors.
>
> If you're on the mailing list, you'd fall under "contributors", but I'm very hopeful that many of you will seek to be more active "participants".
>
> Because of the "comment spam" issue, and the problem of brute-force attack, I have in mind to require two-factor authentication using Google Authenticator. GA is a time-based one-time pad. On login, you enter your user name, password, and one-time number provided by an app running on your phone, iPad, or desktop. This eliminates password phishing sorts of attacks at the risk of requiring a smart phone or a tablet device (or a PC). In my opinion, it's a relatively mild pain in the butt at login time in exchange for a pretty effective defense against brute-force attack and spam. To be honest, I'm not sure that the actual password serves any useful purpose. :-)
>
> My initial plan is to bring up the drupal site at bitc-lang.org, migrating the legacy content into a sub-tree. Once this is complete, the mailing lists should be frozen for archival purposes and discussion should move to the forums.
>
> I apologize in advance for the inconvenience of two-factor authentication. Other sites have been overrun, and I'd rather spend my time on BitC than on site administration. My suggestion is to log in once with TFA and keep a window open. That way you won't be prompted. My personal experience with Google Authenticator has been more palatable than I expected.
>
> If Google Authenticator won't work for you, I would very much like to know ASAP!
>
>
> shap

_______________________________________________
bitc-dev mailing list
[email protected]
http://www.coyotos.org/mailman/listinfo/bitc-dev
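The login scheme Shapiro describes (user name, password, plus a six-digit number from the Google Authenticator app) is the time-based one-time password of RFC 6238. As an added illustration, not code from this thread or from any Drupal module, here is a minimal TOTP generator together with the server-side check a site would run: it tolerates one 30-second step of clock skew in either direction and refuses to accept a code from a time step that has already been used for a login, which is what keeps a captured code from being replayed. The seed is the RFC 6238 reference test key, not any real user's secret.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference seed ("12345678901234567890" in base32); demo only,
# a real enrolment generates a random per-user secret.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30
DIGITS = 6


def totp(secret_b32: str, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 64-bit time-step counter, then
    dynamic truncation to a `digits`-digit decimal code."""
    key = base64.b32decode(secret_b32.upper(), casefold=True)
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """What the web site checks at login: the submitted code must match the
    current step or one step either side, and a step that already produced a
    successful login is never accepted again (replay defence)."""

    def __init__(self, secret_b32: str, skew_steps: int = 1):
        self.secret_b32 = secret_b32
        self.skew_steps = skew_steps
        self.last_accepted_step = -1  # highest counter already consumed

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        for delta in range(-self.skew_steps, self.skew_steps + 1):
            step = current + delta
            if step <= self.last_accepted_step:
                continue  # this step (or an earlier one) was already used
            expected = totp(self.secret_b32, step * STEP_SECONDS)
            if hmac.compare_digest(expected, submitted):  # constant-time compare
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    # Prints the code the app would show right now for the demo seed.
    print(totp(DEMO_SECRET_B32, int(time.time())))
```

With a six-digit code and a one-step window an online guess succeeds with probability about 3 in a million per attempt, so the verifier still needs rate limiting on failed attempts; the replay check alone does not bound guessing.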
