• Welcome to the new B.I.R.D. Forum. Please be sure to read the "New Member / New Registered ? Please Read" thread in the Coffee Shop. This contains some important information. To become a full member ( £5.50 a year ) simply click on your user name near the top on the right I hope you enjoy the new site ................ Jaws ( John )

IMPORTANT - Forum Security Poll

  • Thread starter fat bert
  • Start date

for added security, would you mind if you had to "log on" every time

  • Yes

    Votes: 11 31.4%
  • No

    Votes: 24 68.6%

  • Total voters
    35
Status
Not open for further replies.
F

fat bert

Guest
Given what's happened to our Coffee Shop, we can protect ourselves by removing the "remember me" option.

This means that you would have to log in every time you accessed the forum BUT would help prevent abuse and possible "unauthorized access"

Would you mind if you had to do this - please vote - it's important!!

Any Views?
 

Murt

Letch
Read Only
Spose its a sign of the times,

It seems we will need to protect the forums, an entry logon is a pain, but is safer than any old tom harry or DICK messing the system up.

( but can you give us warning so I can try and remember my password and how to log in with it !)


Happy new soddin year.

( and I think I clicked on the wrong button to vote, I am for logging on each time)
 
F

fat bert

Guest
Murt~~

If [by democratic voting] this option is put in place, we could always email members existing handles and passwords to everyone individually with the option to change if required.

A major Pain but prolly worthwhile!
 
N

NoBBy

Guest
Hello

I have not been in here a right lot of late, could someone explain what has been going on :h


Paul
 
W

Wiz

Guest
Re: Murt~~

Originally posted by fat bert
If [by democratic voting] this option is put in place, we could always email members existing handles and passwords to everyone individually with the option to change if required.

A major Pain but prolly worthwhile!

We can't do that I'm afraid mate because whilst we can change a password in the admin section, we can't see what the old one is. I'd suggest that if we do go this route (and assuming that I can hack the BBS code to do it) people change their passwords and write them down if they have forgotten them.
 

ianrobbo1

good looking AND modest
Club Sponsor
Im all for it,

a few seconds is all it takes, and it would help keep the riff raff out, so why not??:yo:















keep the rubber side downR#?
 

ALonaBIRD

Registered User
Read Only
i guess it would be a pain in the @rse having to log in every time :mad: but if it saves the forum going tits up then i can put up with that
 

Bird Info guy

Font of all useless info !
Suggestion......

As Quiney pointed out, and what is standard IT practice (or should be). If the administrators have a 'godlike powers' login profile that they only use when they need to perform admin duties, and a normal profile for everyday use, then this situation is very unlikely to ever occur again. I think Wiz alluded to this in another thread.

So, how about not going overboard in a panic at this stage, and leaving the setup as it is but just implementing a controlled use of administrator login?

Backups would be very useful, as Wiz has said, provided this is practical within the limits of budgets, time, etc.

I don't mind having to login every time if it's absolutely necessary, but I don't think that it is in this case.

Just my two pennyworth.
 

Bubba

Registered User
Read Only
I'm with Nobby on this one. Care to tell us what happened???
 

DB on CBR1100XX

Official BASH referee !
Read Only
IMHO..........

..........there is no need to switch off auto logging on.

Nearly every site you have to register with allows this with no probs at all. Cookie technology is simple and effective. As has already been echoed here, the problem lies with the administrators and not the subscribers.

Administrators should have separate logon for superuser admin use only. These admin accounts should NOT have autologon facilities and if they have to be used from public machines then the person concerned should make sure that history and password remembering is turned off or cleared after use.

These things are for Wiz and Co to sort but it shouldn't affect us proles :} We've been taught a painful lesson - lets learn from it but not overreact eh?
 

XXscraper

Registered Users
Read Only
If the things being backed up, it should not be such a problem but belts and braces, how much hassle is it to log on anyway?

The poll is neck and neck at the mo, 23 votes each :goofy:
 

Quiney

Been there, and had one
Club Sponsor
OK

So we change the forum so that we have to log-on each time.
So lets ensure that the standard IT procedures are followed this time.

1. Password should be at least 6 characters long and be alpha-numeric ie ab12cd, not you DOB/wifes name etc
2. The system should force you to change you password after a set period, say 28 days
3. You cannot re-use a password that has been used before.

Hum, a little bit tedious!!!

Now every other forum I go onto has the 'remember me' feature. Are they also vunerable? or have they got it right?

Let's not get too excited and kill the fun.

In following normal IT procuderes, if the administrators only log-on (no 'remember me' for them) when they actually need to do some admin function ie add a new forum, make a thread sticky, and log-off when finished, then problem solved.

The use of a public computer was not the cause. If administrators are logging-on as such for their general use of the forum and have the 'remember me' activated then they are all at risk. If any of their computers got stolen/were used by a stranger then the same thing could have happened.

Learn the lesson and let it be.
 

trophychap

Registered User
Read Only
IXXRA

IXXRA security

I just thought that I would go on the IXXRA site and wish everyone there a Happy New Year and it seems that Anth has decided to instigate his own security measures as I have now had to re-register my details to gain access to the members forum. So I am now waiting for conformation of my registration before I can enter the forum. I can't help but wonder what hassle this would cause the administrators of this site if we all had to re-register to gain access or post to the forum considering how much more active this this forum is compared to IXXRA. :dunno:
 
F

fat bert

Guest
Looks like~~

it "Even Stevens" so suggest that we keep things as they are

I'll close the thread and unstick so it gradually disappears?

Thanx for the input

FB
 
Status
Not open for further replies.
Top