On Wed, Nov 10, 2010 at 6:26 PM, <cvollet at gmail.com> wrote: > 2010/11/10 Matthew Toseland <toad at amphibian.dyndns.org> > >> First, IMHO passwords should be optional. Maybe even configurable based on >> initial seclevels. We are not going to have separate client layer databases >> for each user, since we want everyone's downloads to work simultaneously - >> and most nodes will have one user, who may have multiple accounts for e.g. >> different chat pseudonyms. If passwords are disabled, we can have a simple >> dropdown login. >> >> I'm not sure we should allow password-less accounts, maybe it makes sense > for users who don't really care about their anonymity though. We should add > a warning if they want to have a non protected access to their account. > Regarding the one-account/one-client-layer I agree. But one user shouldn't > be able to eavesdrop another user's download. >
I must agree with Matthew on this. Asking for a password is defending against someone gaining unauthorized access to their computer, but that is a bit like closing the gate after the cows have escaped. If someone has access to your computer then you are pretty-much an open book to them anyway. All demanding a password does is inconvenience the user, it won't thwart an attacker. Ian. -- Ian Clarke CEO, SenseArray Email: ian at sensearray.com Ph: +1 512 422 3588 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101111/0c64cdd3/attachment.html>
