On Aug 21, 2006, at 2:34 PM, Brian Moseley wrote:
On 8/21/06, Mimi Yin <[EMAIL PROTECTED]> wrote:
+ However, we don't want users to pass around plain English URLs
that would
be dead simple for everyone to hack (e.g. osaf.us/bcm/work)
+ Machine-generated tickets are better used as a URL, something
the user
clicks on
just to clear up any confusion, the url for the collection is no more
or less hackable whether or not the url contains a ticket, if the
server also requires a password to be presented.
To clarify again. would it be fair to say that an URL that does not
include a ticket IS more hackable if the sharer does NOT password
protect the share.
what if, instead of using both a machine-generated, unmemorable ticket
AND a user-generated, memorable password, we simply let the sharer
choose the ticket string if he wants, letting the server generate a
random one as it does today if the sharer doesn't care?
What if the user doesn't want to password protect the share?
Are you saying the 2 options should be:
+ Provide a URL (with embedded ticket) OR
+ Provide a URL (without embedded ticket) + password?
The only scenario where I think this would be a problem is if I
wanted to turn off password protection, I would need to send out a
new URL. But maybe we don't care about that.
What's the problem you see with having both an URL (with embedded
ticket) + a password?
Mimi
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
