MozillaZine

Full Article Attached New MozillaZine Member Area

Saturday January 2nd, 1999

UPDATE BELOW! (1/3/98)

MozillaZine now has a member area, and a number of other new features!

Membership in mozillaZine is free, and confidential. Your information is displayed only if you specifically want it displayed.

To read more about the membership, and what it offers you, click "Full Article" below.

To sign up, just click "members" on the navbar at right. All that we require is a valid email address to confirm the account. Please note that if you enter a bogus email address, or an email address that you don't have access to, you will not be able to validate your account.

If you find any bugs, please submit them here: mozineBugs@mozillazine.org. Don't post them in the forum, please!

UPDATE!If you created a bio page, and were wondering why it didn't show up, it was because a slight change I made to the template was not uploaded properly. To fix the problem, go to the members area, edit your bio page, and just click the "Alter Account" button. Your page should generate properly. Sorry!

Also, we've created a new option in the members area for people who don't believe they've received a validation message. (We've gotten no bug reports about this, but with the flaky weather the past few days, it's better to be safe than sorry.) Just enter your login and password, and a new validation message will be sent to your email address. This feature won't work if you're already validated.


#1 Here's a sample of the new user info

by mozineAdmin

Saturday January 2nd, 1999 12:27 PM

Reply to this message

You'll notice that my login name above is in bold, to reflect the fact that I'm a member of the site. Also, you'll notice a "User Profile" link beside my name. Click it to see my profile page.

Please feel free to contact me if you have any issues regarding membership.

#2 Re:New MozillaZine Member Area

by ludde

Saturday January 2nd, 1999 1:02 PM

Reply to this message

Wow, it is really bold :)

#3 Bold...

by mozineAdmin

Saturday January 2nd, 1999 1:22 PM

Reply to this message

>Wow, it is really bold :)

Jeez! Cut me some slack! :) If the consensus is that it's not enough to differentiate members from non-members, I'll change it. How about adding the word "member" before the login (bold as well)?

#4 This is awesome

by ERICmurphy <murphye@gmail.com>

Saturday January 2nd, 1999 6:05 PM

Reply to this message

Can you provide some information on this talkback and profile setup?

Keep it up, this site is getting better by the day!

#5 Re: talkback and profiles setup

by mozineAdmin

Saturday January 2nd, 1999 6:22 PM

Reply to this message

Eric,

Thanks for the compliment!

The talkback and profile setup was handrolled using PHP3 and MySQL. I've had a lot of requests for the code, but it's just too poor to give out at the moment. After this new code is debugged, and the wishlists go online, I plan to take a while and clean up the existing code; it may actually get to the point where I wouldn't be embarrassed to relese it! In the meantime, check out PHP3 at http:<http://www.php.net.> It's actually enjoyable to code (Perl is enjoyable too, but in a treasure-hunt kind of way, IMO).

#6 Re:New MozillaZine Member Area

by mozineAdmin

Saturday January 2nd, 1999 6:23 PM

Reply to this message

sorry, I messed up the URL to PHP's website. Click this link: <http://www.php.net>

#7 Looking great

by jedbro

Saturday January 2nd, 1999 8:50 PM

Reply to this message

Glad to see some new features coming.

The Site is looking great Chris. Good job.

#8 Re:New MozillaZine Member Area

by Waldo

Sunday January 3rd, 1999 12:21 AM

Reply to this message

This is great! Congrats...

W

#9 Re:New MozillaZine Member Area

by asa <asa@mozilla.org>

Sunday January 3rd, 1999 4:37 PM

Reply to this message

how about a poll for most desired mozillaZine additions.

#10 mozillaZine Additions

by mozineAdmin

Sunday January 3rd, 1999 4:56 PM

Reply to this message

Asa,

That's a good idea. If anyone has ideas for what they'd like to see in the site, mention them here, and we'll pick the most promising (or easiest) ones, and create a poll with them.

#11 Re:New MozillaZine Member Area

by HoserHead <hoserhead@woot.net>

Sunday January 3rd, 1999 5:15 PM

Reply to this message

Static HTML files for user profiles? eek! Why not a perl/PHP script interface to a database?

#12 Re:New MozillaZine Member Area

by mozineAdmin

Sunday January 3rd, 1999 6:59 PM

Reply to this message

Hoserhead,

simple. I don't want to tie up PHP and MySQL any more than I have to. I already use dynamically generated pages more than I should.

#13 Re:New MozillaZine Member Area

by HoserHead <hoserhead@woot.net>

Sunday January 3rd, 1999 9:47 PM

Reply to this message

Wimp ;) Bah, what am I talking about, <http://www.woot.net> - my page - looks like it's generated dynamically, but it's really lots of static pages which are updated manually by perl scripts when I'm ready to update them. My machine gemini, a 486 with 12 MB of RAM, can't handle MySQL at all (due to its slackware 3.4 heritage - no threads.) One more thing: a cookie remembering our user data would be great (in addition to the username/password thing, as a fallback). I really despise entering usernames and passwords all the time.

#14 Re:New MozillaZine Member Area

by julianm <julian@zereau.net>

Monday January 4th, 1999 2:55 AM

Reply to this message

Have you looked at Zope as a site server? It is looking pretty interesting...

#15 Re:New MozillaZine Member Area

by mozineAdmin

Monday January 4th, 1999 6:14 AM

Reply to this message

Hoserhead,

Hmm.... that's exactly what I do for the bio pages. The user bio info is stored in a MySQL database, and whenever the bio information is updated, the page is regenerated with PHP3.

Also, I don't use cookies for security reasons.

#16 Re:New MozillaZine Member Area

by nilsson <nilsson@id3.org>

Monday January 4th, 1999 4:44 PM

Reply to this message

Usability is more important than security. Make the use of cookies optional. Set a low expiration date.

#17 Re:New MozillaZine Member Area

by mozineAdmin

Monday January 4th, 1999 7:15 PM

Reply to this message

nilsson,

I have to respectfully disagree with you on the point about security. I make no money from this site, and can't afford any possible legal consequences of utilizing cookies. It may seem paranoid, but there you have it.

I also have to disagree on the usability vs. security issue. When you look at it as usability vs. liability, it becomes a different matter. I believe the benefits of using the login/password for responses outweigh the extra few seconds required to enter the password.

If you are not a member, a name still needs to be typed into the response form in order for the response to appear. Adding a password field doesn't take too much extra time, and it also gives you the added benefit of preventing spoofs inside the forums.

The creating and maintaining of a website usually comes down to a series of tradeoffs between what's good for the user and what's good for the maintainer of the website. We've attempted to provide useful tools for our viewers. The tools are there for them to utilize as they wish. The login/password combo isn't necessary for responding in the talkback forums, and our viewers can use whatever method they feel most comfortable with.

I seem to recall that an addition to the UI of Mozilla was planned that will allow the contents of a form field to be saved for repeat use at a later time... This can obviate the need for cookies entirely, and allow the user to decide what information is stored, and when it is displayed.

I believe that the usability issue that you raised is one best dealt with by the browser interface, not by the site maintainer: a UI solution shields the maintainer from liability and protects an unsuspecting viewer from getting burned by a "cookie thief" who steals their identity.

#18 Re: C is for cookie.. (good enough for me)

by Waldo

Monday January 4th, 1999 10:07 PM

Reply to this message

I'm a little confused.. what's the liability factor?

Let's say, worst case, someone exploits some horrible cookie bug and is able to steal someone elses "identity" - what could happen, worst-case?

Well, they could post as you...whoop de do. The accounts are more or less anonymous anyway so I don't see how that's a big deal. If you used the same login/pass for other accounts, I guess they could try there too. That's their fault.

But really, couldn't they grab your identity by countless other known methods? (sniffing the unencrypted password along the pipe for example). How is not using cookies any safer?

What kind of liability is involved for you if they're exploiting a bug you didn't know about and had no way of knowing about? I don't see how using cookies makes you negligable... I mean, everyone uses 'em.

Finally, whatever the liability (real or imagined), couldn't you just put a disclaimer (as part of your membership policy) that you won't be held accountable for this kind of thing?

I dunno. Maybe I'm totally offbase..? Yer site, yer choice obviously.

W

PS-- any way to get a "preview" button instead of just "SUBMIT" at the bottom, kinda like /. ?

PPS-- whoa.. accidentally typed my login into the first two text fields..that would have given it away even easier, eh?

PPPS-- The site is getting cooler and cooler every time I log in!

PHEW!

#19 Re:New MozillaZine Member Area

by mozineAdmin

Monday January 4th, 1999 10:37 PM

Reply to this message

I realize that other sites do this same sort of thing, but personally I feel that they're taking a great legal risk. Cookies are good for tracking purposes, but I feel they are not the best means of maintaining sensitive user information. Maybe that's a risk that other sites can take because they have the money to defend against that kind of nonsense.

Say, for example, an identity was taken and the spoofer slanders a person in my forum. The slandered person sues the person who was "spoofed", who then sues me for placing the cookie in the first place (let's say for argument's sake that they knew the risks, because I put up a disclaimer). I don't have the resources to defend against that kind of lawsuit, even if I know that I would probably win it. And I'm going to do my best to avoid placing myself in that kind of situation. When it's your website, you can feel free to do what you desire, but please don't ask me to do something that I don't feel comfortable doing. I've been taken by inscrutable people before, and I'm not going to paint a target on my chest to attract them.

Is it probable that the hypothetical situation above will occur? Probably not. Is it possible? Absolutely.

As for your PPS (Placing the login name and password into the "Name" and "Email" fields respectively), it won't work - for two reasons. First, any non-valid email addresses are voided before display. So, the password would simply be nullified, and not displayed. Secondly, you cannot post via Name/Email using the name of a member (case insensitive - try it). So, those two failsafes kick in to prevent passwords from being revealed.

#20 Re:New MozillaZine Member Area

by nilsson <nilsson@id3.org>

Tuesday January 5th, 1999 1:54 AM

Reply to this message

I don't see why storing the password in a from-cache would be better than storing it as a cookie. The only big difference is that you can not set any expire date. On our system we have two methods of avoiding to enter identity and passwords over and over. Either you use cookies or your IP will be connected to your identity until a custom minutes of inactivity. But I guess that's completely out of the question here.

#21 Re:New MozillaZine Member Area

by ERICmurphy <murphye@gmail.com>

Tuesday January 5th, 1999 10:38 PM

Reply to this message

Here is the solution to all your problems. Use IE 5 beta and it will remember all your passwords and type them in for you! HAHA

Actually, it would be a nice feature to put in Mozilla.

#22 Re:New MozillaZine Member Area

by zontar

Wednesday January 6th, 1999 9:22 AM

Reply to this message

Eric,

MozClassic (at least the ones I used) had the same thing. Gecko supports it as well, so I think it's reasonable to assume that the "new" Mozilla will have it as well.

MozZinePeople:

Thanks a million. You folks are doing an excellent job with the site!