FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Allow read-only access to frihost's phpbb_users table?





ocalhoun
Could read-only access to Frihost's phpbb_users table be made available?

The reason this would be good is that Frihost users could make frihost-related websites without requiring current frihost users to register.

Examples of what one could do with this:
Make a survey that frihost users could easily fill out, while ensuring that each person only fills out one survey.
Grow the user-base of a new forum by advertising here that one does not need to register in order to use the new forum.
Provide a way for there to be things many frihosters want, but which probably won't happen here such as: Forum games, chat room(s), politics forum, debate forum (or debate system).

The only question is would it be secure? There would have to be something to prevent someone writing a script that would read the database, then outputting all the valid username/password combinations. Perhaps access to the password field could be denied, requiring users to have new passwords to sites that make use of this.
Bondings
That would go against our privacy policy, section D2. Besides, way to insecure and easily abused.

By the way, I don't have anything against a politics forum, other than that a lot is already covered in the daily world news forum and that it would be yet another forum.
mOrpheuS
That would mean giving out each users personal information like email etc.
which, obviously, cannot be done.

And if you skip the password field it does not serve any of the purposes that you list.


edit : I know I type slow.
ocalhoun
^Any other sensitive info (such as E-mail) could be denied access to in the same way the password field would be off-limits.

And, yes, if it was done poorly, it would be a terrible security risk, but if the permissions are set right (and set to deny access to the password field) how is that a significant risk to security?
mOrpheuS
ocalhoun wrote:
^Any other sensitive info (such as E-mail) could be denied access to in the same way the password field would be off-limits.

And, yes, if it was done poorly, it would be a terrible security risk, but if the permissions are set right (and set to deny access to the password field) how is that a significant risk to security?

If you do not take the username-password combination, it will not mean FRIHost users - it will mean users with same usernames as FRIHost users.

Having to set a new password for another site is as good as having to register over there!

Seriously, this is the most peculiar suggestion I've seen in a long time Razz
GSIS
I wouldn't want to be given automatic access to any site. I don't mind being told that it exists (via a forum posting - not via email) and invited to register should I so choose.
James007
That would give the creepy google-feeling. Like, when you're on some new google-site and suddenly this site KNOWS WHO YOU ARE.

Freaky... Shocked

I think only FriHost's own sub-sites need to have this access.
Marston
I dunno I kind of think this is a cool idea, and I'm pretty sure there are ways to do it securely (I've seen the same idea used in a few phpbb 2 mods, I believe).
Bondings
The only way this would be possible is something like an authentication system where a third party website would ask us if user x with ip y is logged in and we (server) would respond yes/no. But that might have some security risks and - most importantly - is way too hard to implement on both sides (meaning that even if I successfully code it, I doubt anyone would take the time to use it, unless for an exploit).
garionw
I quite like the idea, but as Bondings said the "if they are logged in" thingy would have to work, because I don't want my password floating around the internet (even in its encrypted mode)

It would help boost traffic to the smaller sites because we could participate in their forums without the need to register.
Animal
GSIS wrote:
I wouldn't want to be given automatic access to any site. I don't mind being told that it exists (via a forum posting - not via email) and invited to register should I so choose.

I agree with GSIS on this issue. If I wanted to register for a forum or site, I would - it should not be assumed that I want to become a member of any site and this step made for me. In my opinion, this would be a serious privacy breach, and you also may be breaking various laws (such as COPPA - when you register on any forum, the COPPA agreement applies to that site only and no other).

This is (in my personal, non-mod) opinion a really bad idea, and I would not support it at all. Not even with the discussed security / validation measures implemented.
Manofgames
most people here agree that sites knowing who you are is freaky.
but for dynamic sigs is another matter- ie a sig saying i have x posts on frihost.
A bit like what captin crayon/colour(i can never remember) does on his forum.

The way to avoid security issues is to export public info like username, intrests etc. to a new db/txt/sql file once per day, by cron, when frihost is on average least busy.

read only access to one table is too risky.
Related topics
some questions about the webhosting
Do any imagehosts allow ftp access. Can i hotlink images?
what happen to frihost today
Problem accessing non-frihost ftp server
How do you access Frihost?
Using Neighbor's Wireless Link: Probation
[Frihost] External connections to MySQL VPS1 & Server 2
Cannot access frihost forums if the "www" is omitt
phpBB3 ~~ Board Features Problem
Want to access frihost DirectAdmin behind a HTTP only proxy.
Database security
Does FriHost allow PHP access to other URLs (Curl, etc.)
i tried access frihost using my blackberry browser
How often do you access Frihost on mobile?
Reply to topic    Frihost Forum Index -> General -> Suggestions

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.