Nuke Evolution Xtreme - Leading Open Source Content Management System

Taking Evolution to the Xtreme!

Forum Index  ·  Search  ·  Usergroups  ·  Edit your profile  ·  Members List  ·  Login, Check Messages
Arcade  ·  Ranks  ·  Staff  ·  Statistics  ·  Board Rules  ·  Forum FAQ  ·  Log in

Search for at
Evolution-Xtreme Advanced Search


+  
Latest Site News   Next 5 >>  
 Forum   Author   Replies   Last Post 
Clan Manager 1.0.2 ( Free ) New News! Lonestar 5 Thu Jul 05, 2018 11:42 am
DjDecibel View latest post
HeadShotDomain Back Online New News! coRpSE 8 Sat Mar 24, 2018 10:57 am
coRpSE View latest post
Sub Black New News! Grmm 3 Sun Mar 18, 2018 10:59 am
Lonestar View latest post
Grrrr ! Evo-File is [Holding] Again! New News! coopvet2000 7 Sun Jan 28, 2018 9:31 am
coopvet2000 View latest post
Note [ CLOSED ] Realm Designz is Officially CLOSED! New News! TheMortal 0 Fri Jan 12, 2018 3:54 am
TheMortal View latest post
 
   
Recent Topics   Next 15 >>  
 Forum   Author   Replies   Last Post 
Warning ! Evo staff looking for some volunteers. Community Announcements coRpSE 22 Wed Jul 25, 2018 6:13 pm
i0shi View latest post
New Evolution Xtreme site Community Announcements Lonestar 0 Wed Feb 13, 2019 5:46 pm
Lonestar View latest post
[ MOD ] - Honeypot V2.2 AntiBot Module Security coRpSE 111 Thu Jan 31, 2019 8:04 pm
allrocknmetal View latest post
Evo Xtreme 2.0.9D Updated for PHP 5.6 General Support coRpSE 125 Wed Oct 25, 2017 12:54 pm
Gregsta View latest post
Deutsche Sprachdatei - german language files German DT50R 7 Thu Jan 28, 2016 7:04 am
DT50R View latest post
Module Stuck Modules jeremystcyr 3 Tue Feb 12, 2019 10:50 am
coRpSE View latest post
Note [PREVIEW] XtremeV3 NEW Design Questions TheMortal 37 Tue Feb 12, 2019 3:15 am
allrocknmetal View latest post
error creating a section in the forums General Support fire 1 Wed Feb 06, 2019 3:27 pm
Lonestar View latest post
Work in php7? General Support fire 7 Wed Feb 06, 2019 8:58 am
TheMortal View latest post
Not letting me create members accout Bugs Gregsta 12 Sun Feb 03, 2019 9:19 am
Gregsta View latest post
Flash Theme Changes[FIXED-RESOLVED] General Support RAIN 9 Sat Feb 02, 2019 1:52 pm
Pulaski View latest post
MySQL 8. Bugs jxxaxxy 0 Fri Feb 01, 2019 11:14 am
jxxaxxy View latest post
would be members cannot register Bugs GI_ 5 Fri Feb 01, 2019 9:28 am
GI_ View latest post
can't change members status General Support mwjohn58 1 Wed Jan 30, 2019 5:35 am
Lonestar View latest post
Not letting me add download General Support Gregsta 5 Mon Jan 28, 2019 10:34 am
Gregsta View latest post

You think we should implement 2FA? - PLEASE READ & VOTE

 
This forum is locked: you cannot post, reply to, or edit topics.    This topic is locked: you cannot edit posts or make replies.    printer-friendly view    Evolution-Xtreme Forum Index -> General Chat
View previous topic :: View next topic  

Should we put this in and which version?
Yes, put it in. Use SMS text message.
0%
 0%  [ 0 ]
Yes, put it in. Use Google Authentication.
100%
 100%  [ 2 ]
No, its not needed.
0%
 0%  [ 0 ]
Total Votes : 2

Author Message
coRpSE
Site Admin
Site Admin
Xtreme Developer
Xtreme Developer



Gender: Gender:Male
Joined: Dec 24, 2008
Posts: 1397
Location: Back of your mind!!!
Reputation: 212
votes: 11
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PHP Version: 5.4.24
SQL Version: 5.5.37-35.1-log
PostPosted: Fri Jun 01, 2018 7:46 pm Post subject: No icon You think we should implement 2FA? - PLEASE READ & VOTE Reply with quote

 This  is  a  new  security  system  we  are  thinking  of  putting  in  so  be  sure  to  read  and  vote  please. 
 
 For  those  of  you  that  don't  know  what  2FA  is,  well,  it  stands  for  2  Factor  Authentication.  Two  Factor  Authentication,  also  known  as  2FA,  two  step  verification  or  TFA  (as  an  acronym),  is  an  extra  layer  of  security  that  is  known  as  "multi  factor  authentication"  that  requires  not  only  a  password  and  username  but  also  something  that  only,  and  only,  that  user  has  on  them,  i.e.  a  piece  of  information  only  they  should  know  or  have  immediately  to  hand  -  such  as  a  physical  token.
 
 Using  a  username  and  password  together  with  a  piece  of  information  that  only  the  user  knows  makes  it  harder  for  potential  intruders  to  gain  access  and  steal  that  person's  data  or  identity.
 
 What  I  have  been  talking  to  Lonestar  about  the  past  two  days  is  about  maybe  implementing  some  sort  of  2FA  into  the  CMS,  but  the  question  is,  which  one.  There  are  a  couple  of  free  ways  that  this  can  be  done  for  the  CMS. 
 
 

     
  • Google  Authentication  App

  •  
  • SMS  Text  Message

  •  

 
 The  Google  version  would  require  you  to  have  the  app  on  your  cellphone  to  be  able  to  use  it.  The  problem  with  that  is  if  your  phone  is  lost  of  damage,  recovering  is  a  bit  harder  to  fix.  The  SMS  text,  if  your  phone  gets  lost  or  stolen,  more  and  likely,  you  would  just  have  to  buy  a  new  phone  and  you  would  still  have  the  same  number. The  down  fall  to  this  method  is  that  data  rates  may  apply.
 
 If  we  did  go  for  the  SMS  way,  there  would  be  a  field  to  fill  in  with  your  phone  number  and  another  option  to  select  your  carrier,  (more  and  likely).  The  number  will  only  be  visible  to  you  and  no  one  else  within  the  editing  of  your  account  information. 
 
 Both  systems  would  only  initiate  if  your  connecting  to  the  site  from  a  unknown  IP  address,  so  if  your  connecting  from  a  IP  you  used  before,  you  wont  need  to  authenticate.  Do  you  think  this  is  something  we  defiantly  need  to  develop  and  put  in,  and  if  so,  also  vote  on  which  one  you  think  you  would  prefer  that  was  built  into  the  CMS.
 
 I  am  posting  this  on  my  site,  and  Lonestars  site  as  well  and  will  take  a  look  at  each  sites  results  to  determine  what  we  should  do.
Back to top
View user's profile Send private message Visit poster's website
jxxaxxy




Joined: Jun 28, 2011
Posts: 11

Reputation: 1.4


Status: Offline
PostPosted: Sat Jun 02, 2018 8:27 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

 This  is  a  cool  feature  and  many  banks  already  have  this.   I  am  not  sure  if  this  is  something  csm  would  need  but  I  am  not  opposed  to  it.   It  would  be  great  if  a  user  has  the  option  to  use  it  or  not  to  secure  their  account.   Star  Wars  The  Old  Republic  has  this  option.   If  you  used  it  they  gave  you  extra  credits  in  the  game.   But  you  could  also  turn  it  off  at  anytime  too.   But  like  you  said  I  would  imagine  you  would  need  your  phone  to  get  the  pass  code  in  order  to  turn  it  off.   It  would  also  be  nice  if  nuke  evo  has  built  in  google  recaptcha  as  well.   I  am  not  sure  when  version  3  will  be  released.  
Back to top
View user's profile Send private message
coRpSE
Site Admin
Site Admin
Xtreme Developer
Xtreme Developer



Gender: Gender:Male
Joined: Dec 24, 2008
Posts: 1397
Location: Back of your mind!!!
Reputation: 212
votes: 11
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PHP Version: 5.4.24
SQL Version: 5.5.37-35.1-log
PostPosted: Sun Jun 03, 2018 12:48 am Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

  jxxaxxy  wrote:
This  is  a  cool  feature  and  many  banks  already  have  this.   I  am  not  sure  if  this  is  something  csm  would  need  but  I  am  not  opposed  to  it.   It  would  be  great  if  a  user  has  the  option  to  use  it  or  not  to  secure  their  account.   Star  Wars  The  Old  Republic  has  this  option.   If  you  used  it  they  gave  you  extra  credits  in  the  game.   But  you  could  also  turn  it  off  at  anytime  too.   But  like  you  said  I  would  imagine  you  would  need  your  phone  to  get  the  pass  code  in  order  to  turn  it  off.   It  would  also  be  nice  if  nuke  evo  has  built  in  google  recaptcha  as  well.   I  am  not  sure  when  version  3  will  be  released.  
 

 Yeah,  actually,  many  CMS's  are  actually  starting  to  implement  this  into  their  systems.  As  for  Google's  Recaptcha,  that's  actually  already  done.  I  finished  that  about  a  month  ago  and  got  the  files  over  to  Lonestar  already.  So  far,  my  site  is  the  only  one  running  it  as  it  will  be  for  the  most  part  on  Evo  3.  Granted,  Lonestar  is  moving  the  Recaptcha  color  selection  that  is  currently  in  the  General  Site  area  to  the  theme  area  so  it  will  be  determined  by  the  theme  and  not  one  color  for  all  themes.  Granted,  there  are  only  two  colors.  You  can  read  more  here: https://www.headshotdomain.net/modules.php?name=Forums&file=viewtopic&t=1559&highlight=recaptcha
 
 My  overall  main  thought  for  this  was  for  more  of  Admin  security,  but  I  figured,  if  we  do  put  it  into  the  system  for  admins,  might  as  well  do  all  members  of  the  CMS.  Granted,  we  don't  really  store  "Private"  info  in  the  CMS,  there  is  still  a  chance  of  people  messing  with  you  or  your  account.  Of  course  it  would  be  100%  optional  to  use  it  or  not  per  user  account.
Back to top
View user's profile Send private message Visit poster's website
Sponsor
JoshJ




Joined: Jun 05, 2018
Posts: 18

Reputation: -3.3
votes: 1


Status: Offline
PostPosted: Tue Jun 05, 2018 12:47 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

 Remote  OAuth  requires  you  to  'trust'  the  social  services  you  are  subscribing  to:  FaceBook,  Google,  LinkedIn,  AoL  (yeah  they  have  an  API  too  ),  blah  blah  blah  .... 
 
 My  first  question  is  why  in  hell  would  anyone  believe  there  are  'LESS'  spammers,  and  'fake  accounts'  (  didn't  facebook  just  announce  that  they  removed  2  million  user  accounts  for  being  fake  entities?  )  on  Social  Media  to  Authenticate  from?  Bryan  Seely  demonstrated  how  easy  it  is  to  register  deceptive  persons,  businesses,  &  entities  through  Google  back  in  (  2012  /2013  )  and  those  security  exploits  exist  even  this  current  day,  so  why  in  hell  would  anyone  believe  that  their  service  would  ever  be  worth  a  secure  authentication?  (  Their  Liar  Accounts  then  become  your  personal  members  too?  )
 
 Lets  not  forget  how  easy  it  is  to  record  keypress  in  javascript  on  a  users  input  entry  ...  anyone  with  access  to  the  files  of  a  website  can  easily  record  any  and  all  keypress  on  any  connection  to  the  website  (  How  well  do  any  of  you  actually  TRUST  the  people  running  the  websites  that  you  frequently  visit  ?  )
 
 As  far  as  SMS  goes  ....  there  are  very  few  'Free'  services  that  grant  gateway  access  to  sending  SMS.  And  those  that  are  free,  are  usually  very  limited.  In  the  even  that  a  website  owner  is  honestly  willing  to  pay  for  the  service  of  sending  SMS,  then  that  provider  nearly  always  provides  an  API  to  do  so  (  1  line  of  code  to  send  an  SMS  )  ...  so  what  is  all  this  'talk  of  adding  a  feature  that  is  'standard'  to  the  CMS?  Each  API  ive  seen  (  ive  been  writing Asterisk for  over  2  years  )  usually  have  different  protocols  ....
 
 On  to  the  actual  Topic  in  its  context  ....  WHY  the  obsession  with  'security'?  Evo  has  been  predominately  used  by  Gamers  ....  their  security  breaches  have  often  been  attributed  to  their  own  members  having  access  and  either  being  exploited,  or  granted  to  an  offending  party  (  You  can  not  write  a  script  to  block  stupidity!!!  )  As  for  IP  recording  ...  again,  think  about  all  of  the  wi-fi  connections  that  your  device  connects  to  in  a  single  day!  Evo  has  been  banning  non  offending  IP  addresses  for  the  last  10  years,  and  yet  you  can't  seem  to  understand  why  Evo  has  lost  its  popularity!
 
  There  is  no  such  thing  as  100%  secure,  and  most  security  can  be  achieved  using  common  sense  practices  (  like  not  trusting  social  authentications,  not  granting  people  access  to  your  private  information  (  phone  number  ),  not  trusting  people  with  your  authentication  details  (  Help  my  website,  here  is  my  FTP  login  info  )  )....
 
 OAuth  =  lazy  solutions  to  stupidity  that  ultimately  create  additional  problems.
  
Back to top
View user's profile Send private message
coRpSE
Site Admin
Site Admin
Xtreme Developer
Xtreme Developer



Gender: Gender:Male
Joined: Dec 24, 2008
Posts: 1397
Location: Back of your mind!!!
Reputation: 212
votes: 11
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PHP Version: 5.4.24
SQL Version: 5.5.37-35.1-log
PostPosted: Tue Jun 05, 2018 7:27 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

  JoshJ  wrote:
Remote  OAuth  requires  you  to  'trust'  the  social  services  you  are  subscribing  to:  FaceBook,  Google,  LinkedIn,  AoL  (yeah  they  have  an  API  too  ),  blah  blah  blah  .... 
 
 My  first  question  is  why  in  hell  would  anyone  believe  there  are  'LESS'  spammers,  and  'fake  accounts'  (  didn't  facebook  just  announce  that  they  removed  2  million  user  accounts  for  being  fake  entities?  )  on  Social  Media  to  Authenticate  from?  
 
 ed  how  easy  it  is  to  register  deceptive  persons,  businesses,  &  entities  through  Google  back  in  (  2012  /2013  )  and  those  security  exploits  exist  even  this  current  day,  so  why  in  hell  would  anyone  believe  that  their  service  would  ever  be  worth  a  secure  authentication?  (  Their  Liar  Accounts  then  become  your  personal  members  too?  )
 
 Lets  not  forget  how  easy  it  is  to  record  keypress  in  javascript  on  a  users  input  entry  ...  anyone  with  access  to  the  files  of  a  website  can  easily  record  any  and  all  keypress  on  any  connection  to  the  website  (  How  well  do  any  of  you  actually  TRUST  the  people  running  the  websites  that  you  frequently  visit  ?  )
 
 As  far  as  SMS  goes  ....  there  are  very  few  'Free'  services  that  grant  gateway  access  to  sending  SMS.  And  those  that  are  free,  are  usually  very  limited.  In  the  even  that  a  website  owner  is  honestly  willing  to  pay  for  the  service  of  sending  SMS,  then  that  provider  nearly  always  provides  an  API  to  do  so  (  1  line  of  code  to  send  an  SMS  )  ...  so  what  is  all  this  'talk  of  adding  a  feature  that  is  'standard'  to  the  CMS?  Each  API  ive  seen  (  ive  been  writing Asterisk for  over  2  years  )  usually  have  different  protocols  ....
 
 On  to  the  actual  Topic  in  its  context  ....  WHY  the  obsession  with  'security'?  Evo  has  been  predominately  used  by  Gamers  ....  their  security  breaches  have  often  been  attributed  to  their  own  members  having  access  and  either  being  exploited,  or  granted  to  an  offending  party  (  You  can  not  write  a  script  to  block  stupidity!!!  )  As  for  IP  recording  ...  again,  think  about  all  of  the  wi-fi  connections  that  your  device  connects  to  in  a  single  day!  Evo  has  been  banning  non  offending  IP  addresses  for  the  last  10  years,  and  yet  you  can't  seem  to  understand  why  Evo  has  lost  its  popularity!
 
  There  is  no  such  thing  as  100%  secure,  and  most  security  can  be  achieved  using  common  sense  practices  (  like  not  trusting  social  authentications,  not  granting  people  access  to  your  private  information  (  phone  number  ),  not  trusting  people  with  your  authentication  details  (  Help  my  website,  here  is  my  FTP  login  info  )  )....
 
 OAuth  =  lazy  solutions  to  stupidity  that  ultimately  create  additional  problems.
  
 

 This  is  why  it  is  put  up  to  a  vote.  Some  people  feel  that  security  is  a  concern  and  they  like  to  feel  as  protected  as  they  can  where  others  just  don't  care  either  way.  But,  before  an  effort  is  put  in  to  implementing  this,  we  ask  to  see  if  its  something  people  are  looking  at  having  put  in.  As  for  there  being  "less  spammers"  or  "fake  accounts",  I  don't  believe  that  was  even  mentioned  in  this  thread  about  this  topic.
 
 You  are  100%  correct  in  saying  that  there  is  no  such  thing  as  100%  secure,  and  only  a  fool  would  think  such  a  thought,  but,  not  looking  or  taking  any  and  all  possible preventive  action  is  just  as  big  of  a  foolish  move.  There  are  many  examples  I  could  use,  especially  something  like  your  house/apartment/condo/flat  in  which  uses  a  simple  pin  &  tumbler  lock  that  can  easily  be  bypassed.  But  what  it  comes  down  to  is  just  making  your  account  a  less  attractive  of  a  target  since  it  would  required  for  multiple  steps  to  gain  access,  just  like  if  you  were  to  get  a  alarm  and  a  guard  dog.  Still  ways  around  it,  but,  it  is  a  less  attractive  target.
 
 Most  common  mistake  done  by  people  which  compromise  there  info  is  to  use  simple  passwords,  and  use  those  passwords  on  multiple  sites.  Using  the  same  credentials  everywhere  you  go  on  the  net  where  you  create  accounts  is  a  huge  red  flag.  Unique  passwords  for  each  site  is  your  best  bet,  but,  remembering  those  passwords  is  another  story.  I  also  recommend  not  using  a  word  with  some  combination  of  symbols  and  phrases,  but  use  more  of  a  sentence  or  a  phrase  that  you  can  remember.  A  comic  I  remember  was  from  xkcd.com  which  I  believe  they  have  it  correct,  which  I  quote,  "Through  20  years  of  effort,  we've  successfully  trained  everyone  to  use  passwords  that  are  hard  for  humans  to  remember,  but  easy  for  computers  to  guess.".
 
 

 
 But  when  it  comes  down  to  it,  some  people  will  like  2FA  authentication,  and  other  won't.  I  do  sort-of  agree  that  it  not  really  being  a  thing  for  a  CMS  like  this,  but  for  others,  they  may  want  a  system  like  this  in  here  for  the  added  security.
Back to top
View user's profile Send private message Visit poster's website
JoshJ




Joined: Jun 05, 2018
Posts: 18

Reputation: -3.3
votes: 1


Status: Offline
PostPosted: Tue Jun 05, 2018 11:48 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

 Fake  Accounts  has  always  been  the  major  factor  of  all  security  violations  in  ALL  CMSs  since  the  dawn  of  CMS  ....  Webmasters  complaints  are  based  on  "i  don't  know  who  these  people  are,  and  the  IPs  they  are  coming  from"  ....   while  Membership  complaints  have  always  blamed  webmasters  for  breaches  usually  due  the  fault  of  their  own  ignorance.  Evos  policy  has  always  been  to  accommodate  the  majority  which  is  nearly  always  based  on  stupidity  ....  The  ending  result  has  always  been  "Let's  Add  more  poop  ontop  of  the  poop  we  don't  want  to  take  responsibility  for".  (  Example....  lets  write  at  least  1000  lines  of  code  to  prevent  malicious  code  injection  into  a  forum  post  to  stop  the  "eval"  function  from  processing  it   ....  the  best  solution  would  have  been  to  remove  the  'eval()'  function  and  exchange  it  with  your  own  parser.  )  ....  but  the  gist  of  simply  adding  a  functionality  to  import  misinformation  from  3rd  party  social  is  not  a  solution,  in  fact,  it  IS  adding  additional  problems.
 
 Look  back  at  all  of  the  history  of  website  breaches,  with  over  90%  of  the  exploitation  being  attributed  to  psychological  hacking  ...  You  don't  really  need  to  be  able  to  hack  your  way  into  a  website,  when  you  can  simply  manipulate  what  you  want  from  the  administration.
 
 As  for  simple  passwords,  Evos  solution  was  to  convince  people  to  change  habits  (  bad  idea  ),  when  the  real  solution  would  have  been  to  lock  any  account  with  an  email  to  unlock  upon  X  consecutive  failed  attempts.  The  fact  that  a  system  would  even  allow  someone  to  sit  on  a  website  and  manually  brute  force  authentication  was  the  root  cause.
 
 PS:  Sorry  Corpse,  You  know  of  me  (  my  other  accounts  ),  but  i  honestly  don't  really  remember  much  about  you  unless  you  are  the  same  Corpse  from  old  Evo  with  Tech  &  Jeff. 
Back to top
View user's profile Send private message
Sponsor
coRpSE
Site Admin
Site Admin
Xtreme Developer
Xtreme Developer



Gender: Gender:Male
Joined: Dec 24, 2008
Posts: 1397
Location: Back of your mind!!!
Reputation: 212
votes: 11
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PHP Version: 5.4.24
SQL Version: 5.5.37-35.1-log
PostPosted: Wed Jun 06, 2018 12:05 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

 If  you  are  Bayler,  then  I  met  you  when  I  was  working  on  ClanTheme  with  Ped,  Noto,  and  Floppy.  This  is  back  when  I  was  using  RavenNuke  and  never  gave  Evolution  2.0.7  a  try,  so  you  convinced  me  to  at  least  give  it  a  chance.  This  was  pre  Evo  Xtreme.
Back to top
View user's profile Send private message Visit poster's website
JoshJ




Joined: Jun 05, 2018
Posts: 18

Reputation: -3.3
votes: 1


Status: Offline
PostPosted: Wed Jun 06, 2018 10:42 pm Post subject: No icon Re: You think we should implement 2FA? - PLEASE READ & V Reply with quote

 I  recall  PED  &  Floppy  well  ...  in  fact,  I  met  Floppy  on  his  trip  to  Disney  World  (  My  house  was  only  45  minutes  away  at  that  time  )  .....
 
 I  miss  those  good  ole  days  ...  that  was  back  when  Designers  were  competitive  (  hence  why  everyone  was  always  fighting  -  my  regret  was  that  nobody  would  ever  agree  to  encryption  to  protect  the  3rd  party  development  /  designs  [  Gaz  was  at  least  willing  to  attempt  it  ]  )  and  were  what  kept  Nuke  Alive...  Now  there  is  simply  nothing  left.
 
 Meh  ....  my  life  has  drastically  changed  since  then  ...  I  own  a  lot  of  'odd  businesses'  through  out  the  world  now  ....  I  own  a  house  in  Estonia,  A  Humidifying  Air  Conditioning  manufacturer  in  Iran,  a  Night  Club  in  the  Republic  of  Georgia,  a  Pharmaceutical  Venom  Extraction  system  in  Viet  Nam  .....  Jesus  life  has  changed  so  much  since  the  ole  days.
 The  only  thing  that  has  remained  the  same  is  that  I  still  hold  the  title  for  Nukes  biggest  'A-hole'  award  ....  and  im  still  proud  of  that...
 
 Back  on  topic  ....
 
 The  only  'Good  Thing'  I  can  claim  about  Remote  OAuth  is  the  simplistic  registration  system  ....  Lets  say  that  your  registration  system  has  5  or  6  fields  of  a  form  to  register  as  well  as  email  validation  ....  with  OAuth,  you  can  literally  import  the  profile  data  from  the  third  party  service  (  including  phone  numbers  )  ....
 https://github.com/hybridauth/hybridauth  -  is  an  example  of  one  I  often  use  (  I  keep  this  stripped  down  a  lot  more  than  the  public  release  )  ....  but  in  the  end,  the  only  'good'  effect  i  can  ever  credit  such  systems  is  to  allow  a  person  to  register  on  a  website  with  2  clicks  instead  of  filling  out  multiple  forms  ...  (  Google  /  Facebook  /  Twitter  )  already  validate  email,  thus  allowing  a  webmaster  to  not  have  to  send  email  validation  to  check  what  others  have  already  validated.
 
 But  again,  using  such  a  service  forces  the  webmaster  to  adopt  ALL  the  problems  of  that  service  (  which  is  the  core  security  problem  ).
 
  
Back to top
View user's profile Send private message
Display posts from previous:
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.   printer-friendly view    Evolution-Xtreme Forum Index ->  General Chat All times are UTC - 5 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Related topics
 Topics   Replies   Author   Views   Last Post 
No new posts No one has been able to create an account in 1+ months 6 konfusion 4352 Fri Nov 18, 2011 10:46 pm
konfusion View latest post
No new posts Another Block Title Question... 1 Mortician 1950 Thu Dec 23, 2010 5:40 pm
SgtLegend View latest post
No new posts Transfering forum posts from one site to another 3 redrock 2731 Thu Dec 09, 2010 6:08 pm
mrsmith25 View latest post
No new posts another error 4 SCT951 2660 Sat Nov 06, 2010 10:15 pm
SCT951 View latest post
No new posts [Resolved] Shout box Problem - Only Admin able to shout ??? 8 Evil_Blue 3843 Thu Oct 07, 2010 7:58 am
Evil_Blue View latest post
 




Powered by phpBB © 2001, 2006 phpBB Group
EvoXtreme Theme by SgtLegend ©
Forums ©