Alan Burlison wrote:
> Shawn Walker wrote:
>
>> In addition, to me, partially dismissing the concerns raised here by
>> suggesting that a user just use their browser instead to reduce login
>> frustration seems to simply move the real problem from one area to
>> another.
>
> It's more an acceptance of the fact that I can't stop people using the
> browser feature anyway ;-) Plus cookies are sent on each request, login
> credentials are not, and login credentials will be supplied over SSL.

As someone who has spent years developing web applications, as you have, I know that you're in a difficult place here to strike a balance between security and user acceptance.

However, I would urge you to reconsider the limitations on the "wiki-aspect" of the website. I don't believe months or "forever" to be reasonable either, but there is something to be said of picking a short time by default and letting the user take responsibility for picking a longer period.

If set up properly, the only possibly negatively impacted aspect of the website would be the "wiki-aspect."

Cheers,
--
Shawn Walker
