[Admin-discuss] Web Forums - Authentication and Security

Craig Christopher Martin Gavagan Mac Entee credak at redbrick.dcu.ie
Fri Apr 23 22:38:06 IST 2010


Yeah, getting rid of pubcookie hacks would be brilliant...

Some people really do like vBulletin though, but I do agree, we should
avoid paying for software if at all possible/what suits us.

Plugins seem easy enough to install and use, a good chunk of them are
version specific and some are no longer maintained. Again, security
holes and whatnot.

OpenID is starting to sound better and better, and there is an
Apache module that supports it :D I'd just need to fiddle with it till I
would understand how it works... Having said that it could be done in
Python :)

Craig

On Fri, Apr 23, 2010 at 10:23:39PM +0100, Cian Brennan wrote:
> On Fri, Apr 23, 2010 at 10:17:49PM +0100, Sean wrote:
> > Hi
> > 
> > As you may have heard, the committee are optioning installing a web based
> > forum for their users to use for discussing various topics, much like the
> > existing nntp based boards.
> > 
> > The type of forum will most likely be vBulletin, though PHPBB and SMF
> > haven't been completely written off.
> > 
> Redbrick should not pay for software, if there are free alternatives anything
> as good.
> 
> > The issue is how to manage user authentication.
> > 
> > The board will probably be going behind pubcookie. While this makes it less
> > convenient for the users, there are benefits of privacy and additional
> > security.
> > 
> > Two options were suggested for user management on the board itself.
> > 
> > The first would be to install a quick plug-in to allow authentication
> > through LDAP. User accounts would be created automatically. This seems
> > relatively straightforward, though its potential insecurity has been
> > pointed out.
> > 
> I dislike the idea of training people to stick their RedBrick password in any
> old place. And I don't trust crappy PHP forum software (plus, I don't know
> whether this is likely to be quite as easy as you make it out to be).
> 
> > Another option suggested by a few people is to implement a Redbrick OpenID
> > provider and force the board to only accept redbrick openids. This sounds
> > kind of interesting to me.
> > 
> This is by far the better option. Especially since we could go back and remove
> the hacks from wiki and gallery for pubcookie auth, which are the things which
> break them the most.
> 
> > Thoughts, advice, opinions?
> > 
> > Seán
> 
> > _______________________________________________
> > Admin-discuss mailing list
> > Admin-discuss at lists.redbrick.dcu.ie
> > http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss


