phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-users] FAQ? and admin authentication bugs


From: Chris Weiss
Subject: Re: [Phpgroupware-users] FAQ? and admin authentication bugs
Date: Tue, 10 Sep 2002 15:17:07 +0000

>>very interesting, but it only works when the two passwords are the same.
>>
>Very. Originally I had the two passwords the same  So I changed them to
>be different for testing/verifying this problem.  Same behavior.  The
>passwords are being ignored.  The authentication mechanism is broken,
>period.  From two different computers (Sun Blade 100 and Intel
>Platform), two different operating systems (Solaris 8 and W2K), and two
>different browsers (Communicator 4.76 and IE 5.5 SP2).

I would be interested to see if other people can repeat this.  With my apsswords
different i cannot repeat it.

>What I meant was that they are the same in the respect that  header
>admin generates a text file, and the config/setup screen has an "Edit
>Current Configuration" button which does the same thing, that is,
>edits/generates a text file.  Why not an "Edit Header File" button on
>the config/setup screen as STEP 1?

the second part ony writes to the database and never a text file.  I even have 
my
header non-writable so the header admin doesn't work but the config still works
just fine.

>
>>
>>Usability is something that I personally find hard to code, and especially 
>>when
I'm
>>more worried about the back end working correctly.  I think a lot of 
>>developers
can
>>relate to this.  I know the phpGW team is always open to suggestions on how to
make
>>it better, but so far you've only stated what you see as problems.  Looking
forward
>>to suggestions on how to "fix" it.
>>
>I am  1: trying to get useful feedback to confirm a problem (which I am
>still waiting for BTW), 2: waiting to hear back from the original author
>on whether they have time to work on it.   Just jump in and fix it?
> That's not teamwork, and if you aren't good at usability design and you
>aren't good at teamwork (getting someone else to code usability), then
>you're screwed and your product is not usable or even desired.     Lemme
>ask you this, are you on the phpGW team?   Am I even talking to the
>right person?  Nothing personal but I find your attitude in this
>particular case most disturbing.  If I'm wrong about something, tell me
>exactly why with examples and don't give me generalities like "your
>browser sucks" and "you don't know how to use software" and "it doesn't
>do the same thing for me so it must be OK" and ignore all the
>possibilities.
>

All I'm saying is that usuability is is the hardest part of coding.  I 
understand
it perfectly, but i also understand than a lot of poeple new the software won't 
get
it.  The setup app in current form has several hands in it, some of which are no
longer with the project and those parts have been mostly left alone since in 2
years time you are the first to bring it up as a problem and they otherwise 
work as
expected.

My point is that instead of dancing around screaming about how wrong it is, you
need to recognize the security measures already in phpGW and realize that the 
team
does take security seriously.  So the next conclusion is that there either 
isn't a
better way to this part or no one has suggested a better way.  If you think 
there
is a better way, suggest one.  I'm not saying you have to write it, just that 
there
are no ideas on this end.  Why are there no ideas?  There currently are bigger
problems than putting spit and polish on the interface.  This is still an 
evolving
Beta project.

Posting in the list is a great help, and I'm glad you have taken the time out of
you day to do so, but to make sure the bug/feature request gets to the right 
person
and doesn't get lost in noise of the list, please also post it to the proper
section on Savannah http://savannah.gnu.org/projects/phpgroupware/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]