[feature-proposal] Forgot password improvements

Caio Tiago Oliveira caiotiago at colivre.coop.br
Wed Nov 13 11:41:43 BRST 2013



On 11/13/2013 10:13 AM, Ewout ter Haar wrote:
> My problem and the reason for my disappointment is what happened
> next. The affirmation of an opinion disguised as a technical
> issue. Using terms as "brute force", "privacy destroying", "Nope"
> (you wouldn't understand, leave the technical matters to us,
> computer scientists), "No, it won't". Everybody so sure of
> themselves...

This list is called noosfero-dev for a reason. No, it is not related
to any kind of meritocracy. If you don't understand something, it
doesn't mean it is not relevant.

> And then, when pressed to make explicit their threat model, it
> turns out that it involves the generation of fake users, with a
> very small probability of there even existing a vulnerable user!

The only way to avoid fake users is to take some info which can be
validated, such as NSN or CPF, and then validate it to match the
person's name and other info, if available.

To avoid a user changing some internal field, we ought to ask for a
captcha for every change or implement something to ask for it after a
few changes in a row.

The rate limit is not very effective, in the sense that it won't avoid
a brute force attack in this case; it will just make it slower. The
user would have to be blocked.

The CPF is something which requires some brute force technique to be
effective, but everything a user chooses to make private should stay
private. We can't judge every field if they are going to be
environment-defined. We can just judge that it is not impossible
and some admin could make some poor choice.

Sadly, most people would blame the software because it allowed the
dumb admin to make dumb things.

> This is the kind of debate I object to. I call this technical
> intimidation. To dismiss this as bikeshedding is condoning the
> behavior. And it is a pity, because privacy issues are so much
> worth discussing.

Using some term which is taught in a first-grade education, such as
"intersection of sets", is that intimidation?

Is using some term like "brute force" or "collision" a technical
intimidation?
Man, are we not allowed to use some basic terms in a technical list?
The information is public out there.

You may be upset due to dozens of usability issues, but will adding
security concerns make up for that?

Again, if someone doesn't understand something, is that intimidation?


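The rate-limit-versus-blocking point made in the message above, as an added example that is not part of this thread or of Noosfero's own code: a small virtual-clock simulation of a forgot-password check that asks for a private field such as the CPF, comparing what a per-source rate limit and a per-account lockout each do to the number of guesses an attacker gets. The CPF search space size follows from its 9 free digits plus 2 check digits; the policy numbers, account name and source names are assumptions.

```python
# Added example, not code from the Noosfero thread or project: a virtual-clock
# simulation of a forgot-password check asking for a private field such as the
# CPF; policy numbers, account and source names are constructed assumptions.
from collections import deque

CPF_SPACE = 10 ** 9  # 9 free digits plus 2 check digits: ~10**9 valid CPFs

class RateLimit:
    """Sliding window: at most `limit` attempts per `window` seconds per source."""
    def __init__(self, limit, window):
        self.limit, self.window, self.hits = limit, window, {}

    def allow(self, source, now):
        q = self.hits.setdefault(source, deque())
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

class Lockout:
    """Block the account after `max_failures` wrong guesses until it is unlocked."""
    def __init__(self, max_failures):
        self.max_failures, self.failures, self.locked = max_failures, {}, set()

    def record_failure(self, account):
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked.add(account)

    def is_locked(self, account):
        return account in self.locked

def guesses_in(seconds, limiter, lockout=None, n_sources=1, account="alice"):
    """Wrong guesses that `n_sources` cooperating clients can submit against one
    account in `seconds` of virtual time, each client retrying once per second."""
    attempts = 0
    for now in range(seconds):
        for src in range(n_sources):
            if lockout is not None and lockout.is_locked(account):
                return attempts  # blocked: extra sources and time no longer help
            if limiter.allow(f"src-{src}", now):
                attempts += 1
                if lockout is not None:
                    lockout.record_failure(account)
    return attempts

def hours_to_exhaust(guesses_per_hour):
    return CPF_SPACE / guesses_per_hour  # hours to try every CPF at that rate
```

With 10 attempts per minute per source, one client gets 600 guesses an hour and a hundred clients get 60,000, so the per-source limit only stretches the time needed, while the per-account lockout caps the total at 5 regardless of how many sources join; the trade-off is that a lockout turns the brute force attempt into a denial of service for that account, so the owner should be notified and given a way to unlock.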