Hello all,

I recently hopped over here in order to answer a few questions regarding a library I developed that Midgard uses. In the process, I got myself a user account. Along the way, I found a few gotchas that were really annoying:

1. The SSL certificate is signed by an unverified certificate authority and errors in most browsers. With Midgard's strong commercial presence, wouldn't it make sense for The Midgard Project to invest in, say, a VeriSign cert? (any CA that ships with the majority of browsers works)

2. The very-essential grey toolbar that offers many essential functions (in my case, changing passwords), does not appear unless JavaScript is enabled. I use NoScript, but have no problem turning on JavaScript for websites that genuinely need it. Midgard gave me *no* indication that I was missing functionality because JavaScript was turned off. <noscript> would be helpful in this context.

3. Midgard only supports logins via https. However, static page elements are occasionally linked to using http, which causes browsers to throw errors. This problem appears to be intermittent.

4. There is no visual indication if the grey toolbar's buttons (Page / Folder / Website) are disabled or have no entries. Before I realized that this toolbar was per page (non-obvious), I was scratching my head trying to figure out why Page and Folder didn't seem to work. I would suggest greying them out or simply removing them completely.

5. The first instinct for someone seeking to make a post or answer a question in the Discussion Forums is to use the facilities listed there. However, the response gets mirrored to the mailing list, where it gets caught by the moderator and languishes there. It should be made clear that the mailing list is the preferred method of communication. If you're interested in fixing this bug, user registration should also register users for the mailing lists, but should keep mail delivery off.

6. Midgard's forgotten password messages are cryptic. The one I received looked like this:

       From: [EMAIL PROTECTED]
       Subject: Your password has been reset.

       Your password has been reset to: zgnjtbxt

   Why is this from my email address, and not [EMAIL PROTECTED] (At the very least, the site name should be mentioned in the subject) I'm also a strong proponent of the "Give user a token to change their password" rather than the random password generation setup. This might even have the capacity to annoy users, if the old password is not kept (an arbitrary person could force the user to change their password many times. Haven't tested, of course).

7. It's extremely difficult and non-intuitive to find the member info page (Community > Registration). I recommend linkifying the logged in user name (found in the top right corner) to point to this page.

8. Midgard really should be verifying email addresses on registration.

And that's it for now. Thanks for reading! I hope to be working with you guys in the future to improve Midgard's integration with HTML Purifier.

Cheers,
Edward

-- 
Edward Z. Yang GnuPG: 0x869C48DA
HTML Purifier <http://htmlpurifier.org> Anti-XSS Filter
[[ 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA ]]
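Added example, not part of the original message and not Midgard's code: a Python sketch of the token-based reset that item 6 argues for, in which requesting a reset leaves the current password working until a valid token is redeemed. The `Accounts` class, its method names, the in-memory storage and the one-hour `TOKEN_TTL` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a reset token stays valid (assumed value)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Accounts:
    """In-memory stand-in for a user table (hypothetical, for illustration)."""
    def __init__(self):
        self._creds = {}   # user -> (salt, password hash)
        self._resets = {}  # user -> (sha256 of token, expiry timestamp)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, _hash_password(password, salt))

    def check_password(self, user, password):
        if user not in self._creds:
            return False
        salt, stored = self._creds[user]
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def request_reset(self, user, now=None):
        """Return a token to e-mail to the user; the password is not touched."""
        now = time.time() if now is None else now
        if user not in self._creds:
            return None  # the web layer should answer identically either way
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._resets[user] = (digest, now + TOKEN_TTL)  # store only the hash
        return token

    def redeem(self, user, token, new_password, now=None):
        """Set a new password only for a matching, unexpired, unused token."""
        now = time.time() if now is None else now
        digest, expiry = self._resets.get(user, (b"", 0.0))
        supplied = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self._resets[user]  # single use
        self.set_password(user, new_password)
        return True
```

Because only the token's hash is kept, a leaked reset table does not hand out usable tokens, and a stranger who triggers `request_reset` repeatedly only replaces the pending token, not the account's password.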
