Topic: [Security request] Edit profile

Hi

When editing my profile, i noticed that it does not ask for my password at any stage (before accessing the page, or when saving the changes). This could be a possible security hazard, and I think I should be fixed

Thnx

Re: [Security request] Edit profile

I think prompting for passwords every time you need to change something introduces unnecessary UI clutter and complexity.

In the unlikely event that someone accesses your computer while you are away from it, or some other kind of session hijacking, if they steal your account by changing your password, please email me at admin@deckbox.org and I will manually restore your email and access to your account.

Of course, if you think this is not acceptable for some reason, we could discuss it further, as I want everyone to feel safe here smile

Re: [Security request] Edit profile

Thnx smile

I just know that the default behavior for changing something that might jeopardize your accounts safety  is to prompt for password (see all the email servers, game accounts etc). I don't say to ask for password if someone changes the color settings (even that is acceptable), but if someone tries to change the password/e-mail/login, I think you should, cause normally you don't change it ever other day, so you can deal with the "complexity" of retyping it.

Better safe than sorry smile


ps. I feel safe, case I can go to you and say.. hey.. heres a beer... please reset my account smile

Last edited by Spoook (2010-05-14 06:28:38)