On Wed, Nov 10, 2010 at 6:26 PM, <[email protected]> wrote: > 2010/11/10 Matthew Toseland <[email protected]> > >> First, IMHO passwords should be optional. Maybe even configurable based on >> initial seclevels. We are not going to have separate client layer databases >> for each user, since we want everyone's downloads to work simultaneously - >> and most nodes will have one user, who may have multiple accounts for e.g. >> different chat pseudonyms. If passwords are disabled, we can have a simple >> dropdown login. >> >> I'm not sure we should allow password-less accounts, maybe it makes sense > for users who don't really care about their anonymity though. We should add > a warning if they want to have a non protected access to their account. > Regarding the one-account/one-client-layer I agree. But one user shouldn't > be able to eavesdrop another user's download. >
I must agree with Matthew on this. Asking for a password is defending against someone gaining unauthorized access to their computer, but that is a bit like closing the gate after the cows have escaped. If someone has access to your computer then you are pretty-much an open book to them anyway. All demanding a password does is inconvenience the user, it won't thwart an attacker. Ian. -- Ian Clarke CEO, SenseArray Email: [email protected] Ph: +1 512 422 3588
_______________________________________________ Devl mailing list [email protected] http://freenetproject.org/cgi-bin/mailman/listinfo/devl
