[prev in list] [next in list] [prev in thread] [next in thread] 

List:       twig-devel
Subject:    [twig-devel] passwords
From:       Steffen Prohaska <prohaska () zib ! de>
Date:       2000-11-24 17:33:27
[Download RAW message or body]

First, I think twig is a really nice tool. I installed it yesterday and
now some people are playing around with it a little bit.

Two points so far: 
1.
I don't think it is a good idea to have a default configuration that is 
so weak in security. You start and want to get something running and as
you start you have passwords in clear text in your cookie file and in
all
of the files of the people who cheerfully help you testing:
That's a VERY BAD idea. pop3 or imap password normally are identical to 
login passwords. They should NEVER be in clear text anywhere.

There are different options - The only one I think is good enough are
the
securecookies - but you have to find them, read mail archives ...
No warning anywhere, no grep which leads you on the way. 
Please change this default behavior and add some big warnings in the
documentation.

2.
The delete buttons in the schedule list are much to easy to press by
accident.
There are enough possibilities to remove an item. I think it would be
much
safer to remove the delete icons fully, or change them to edit icons,
like 
todo and notes.

	nevertheless, I think we will like twig.
	
	regards
		steffen prohaska
-- 
---------------------------------------------------------------
| Konrad-Zuse-Zentrum Berlin  |  E-Mail: prohaska@zib.de       |
| Takustrasse 7               |  Phone:  +49 (30) 841 85-337  |
| D-14195 Berlin-Dahlem       |  FAX:    +49 (30) 841 85-107  |
| Germany                     |  URL:    http://www.zib.de    |
---------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]