[Admin-discuss] Web Forums - Authentication and Security

Cian Brennan cian.brennan at redbrick.dcu.ie
Fri Apr 23 22:23:39 IST 2010


On Fri, Apr 23, 2010 at 10:17:49PM +0100, Sean wrote:
> Hi
> 
> As you may have heard, the committee are optioning installing a web based
> forum for their users to use for discussing various topics, much like the
> existing nntp based boards.
> 
> The type of forum will most likely be vBulletin, though PHPBB and SMF
> haven't been completely written off.
> 
Redbrick should not pay for software, if there are free alternatives anything
as good.

> The issue is how to manage user authentication.
> 
> The board will probably be going behind pubcookie. While this makes it less
> convenient for the users, there are benefits of privacy and additional
> security.
> 
> Two options were suggested for user management on the board itself.
> 
> The first would be to install a quick plug in to allow authentication from
> though LDAP. User accounts would be created automatically. This seems
> relatively straightforward, though it's potential insecurity has been
> pointed out.
> 
I dislike the idea of training people to stick their RedBrick password in any
old place. And I don't trust crappy php forum software (plus, I don't know
whether this is likely to be quite as easy as you make it out to be)

> Another option suggested by a few people is to implement a Redbrick OpenID
> provider and force the board to only accept redbrick openids. This sounds
> kind of interesting to me.
> 
This is by far the better option. Especially since we could go back and remove
the hacks from wiki and gallery for pubcookie auth, which are the things which
break them the most.

> Thoughts, advice, opinions?
> 
> Seán

> _______________________________________________
> Admin-discuss mailing list
> Admin-discuss at lists.redbrick.dcu.ie
> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss


-- 

-- 



More information about the Admin-discuss mailing list