On Wed 20 Aug 2008 at 10:33PM, Alan Burlison wrote:
> I have put a new beta of the Auth application on
> http://auth.opensolaris.org/auth This contains the new registration and
> login pages which will in time replace the existing account management
> pages on opensolaris,org.
>
> I would like people to test the new version and provide feedback. At
> the moment I am primarily concerned with functionality and not
> appearance, the CSS will be changed before deployment to confirm with
> the OSO L&F. I'm particularly interested to see if anyone can hack the
> site and/or find any security flaws - for example can you add a bogus
> SSH key to an account that you don't own - the 'admin' account would be
> a good choice for any attacks.
>
Alan-- I am in the midst of playing with this and have found a
nuisance problem.
I entered all of my information. Then I entered the captcha.
However, I neglected to follow the password rules (I just used
"foobar").
So, it flagged that my password was no good in red. I fixed the
password. I hit submit. It errored on me because I forgot to type
the captcha. So I typed the captcha, and it errored on me because
each time it reloads it clears the password field, and now I have
no password!
I don't know if the right way to handle this is with some
javascript, or a smarter refresh, or what. But I can see this
kind of iteration making a user frustrated and making them go
away.
-dp
--
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
website-discuss mailing list
[email protected]
