Re: Mersenne: Password safety

1998-11-13 Thread Sam Laur

> you an email containing another url that you can click on from
> inside your e-mail system which will process the user's membership.

Click? On e-mail? Note - not everybody is reading e-mail from their home PC
using Netscrape or Internet Exploder. I use ELM - many others use PINE -
neither of them is graphical, nor tied to the Mickeysoft OLE way of things...

If you do e-mail confirmation, the best (and easiest) way is to send the user
a message with a unique code, and then have the user reply to it. Possibly
with added information to make the transaction even more secure.



Re: Mersenne: Password safety

1998-11-12 Thread David L Nicol

Michael Clark wrote:
 
> What (if any) are the concerns with having an account's password and user
> ID posted on a web page? Would someone be able to change the "Your Name"
> and "Your email address" fields with them? So if my school set up a web
> page to encourage people to join our team, could someone come along and
> usurp our work? Also, what would happen if someone changed (or deleted) the
> existing UserID and password in the middle of a LL test? Thanks very much,
> Michael
>
> Michael Clark
> http://michaelclark.simplenet.com/welcome.html
> Center for Public Administration and Policy
> http://www.cpap.vt.edu
> Only 415 days until the year 2000!


The secure-yet-still-automated way to do this is to have a public
html form that takes the new person's data and wraps it up and sends
you an email containing another url that you can click on from
inside your e-mail system which will process the user's membership.

One working out of the system, then many one-click approvals, rather
than simply having the applicants e-mail you and needing to
do boring data entry, and you still have control unlike if you
just put the password out.

Have teams been implemented?  They could follow the practice
of "web rings" and have an "inner circle" who have approval power;
applications to join can get sent to all approvers, or round-robined
to each in turn, or a designated one or two.  There is no limit
to possible subtlety when it comes to dreaming up a user interface.

__
 David Nicol 816.235.1187 UMKC Network Operations [EMAIL PROTECTED]
   Border on graphomania
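
Added example, not part of the thread and not any poster's or the project's code: the approval URL and the reply-with-a-unique-code confirmation described in the messages above both depend on a code that cannot be forged, altered or reused. The key, lifetime, names and the team.example address are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side key, never put in the mail
TTL = 3 * 24 * 3600               # assumption: a code is valid for three days
_used = set()                     # spent signatures; a real service would persist these

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_code(applicant: dict, now: float) -> str:
    """Wrap the submitted form data and an expiry time into a signed code."""
    payload = {"a": applicant, "exp": int(now) + TTL}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    return body + "." + _sign(body)

def redeem_code(code: str, now: float):
    """Return the applicant data if the code is genuine, unexpired and unused."""
    try:
        body, sig = code.split(".")
        # Constant-time comparison; the payload is parsed only after this passes.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        payload = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None                       # malformed or truncated code
    if now > payload["exp"] or sig in _used:
        return None                       # expired, or already approved once
    _used.add(sig)
    return payload["a"]

if __name__ == "__main__":
    # Constructed applicant; the URL is a hypothetical placeholder.
    code = issue_code({"name": "Alice", "email": "alice@example.org"}, time.time())
    print("Approve by link:  https://team.example/approve?code=" + code)
    print("Or reply with this code in the message body:", code)
    print("First use: ", redeem_code(code, time.time()))
    print("Second use:", redeem_code(code, time.time()))
```

Because the code carries its own signed payload, the same string works as a URL parameter or pasted into a plain-text reply from a non-graphical mail client.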



Re: Mersenne: Password safety

1998-11-12 Thread George Woltman

Hi,

At 11:07 AM 11/12/98 -0500, Michael Clark wrote:
> What (if any) are the concerns with having an account's password and user
> ID posted on a web page? Would someone be able to change the "Your Name"
> and "Your email address" fields with them? So if my school set up a web
> page to encourage people to join our team, could someone come along and
> usurp our work? Also, what would happen if someone changed (or deleted) the
> existing UserID and password in the middle of a LL test?

On your machine, set LockUserInfo=1 in prime.ini
The next time you run prime95, this will be sent to the server
which will then prevent anyone from changing your user name
or hijacking your results.

I know this is a rather kludgy way to implement teams, but it
is the only method at present.  Maybe someday we can do better.
If someone changes userids mid-LL test the credit will go to
the new userid (presumably the owner of the machine has abandoned
your team).

Perhaps a web page that contained an entire directory with filled
in .ini files (and LockUserInfo=1 set to disable the user info
dialog box) is the best way for you to go.

Scott Kurowski is the best person to answer your questions
regarding any possible danger in sharing your password.

Hope that helps,
George