14 replies to this topic

[Axylus]

I've noticed some issues with the recent forum update:

• Every user's date of birth is now visible on their profile.
  
  In addition to being a violation of privacy, this is also a security risk because your date of birth is requested by many organisations as proof of your identity.
• The authentication process isn't secure.
  
  The forum no longer directs you to a secure page to authenticate ("log in").

Edit: Both of these issues have been resolved.

Edited by richard, 15 March 2012 - 03:28 PM.

[Kamuro]

I've noticed some issues with the recent forum update:

• Every user's date of birth is now visible on their profile.
  
  In addition to being a violation of privacy, this is also a security risk because your date of birth is requested by many organisations as proof of your identity.

This may be addressed later by another administrator, as it is a display problem.

• The authentication process isn't secure.
  
  The forum no longer directs you to a secure page to authenticate ("log in").

The authentication is supposed to be secure, but it is transparent. It is supposed to submit to an HTTPS link, despite the entry page is not. Though I am still verifying this. I will keep you posted on this regard.

[Axylus]

Okay, thanks!

Sorry to trouble you with another potential problem, but are e-mail notifications working? I didn't receive one when you posted your reply.

Edit:

The authentication is supposed to be secure, but it is transparent. It is supposed to submit to an HTTPS link, despite the entry page is not. Though I am still verifying this. I will keep you posted on this regard.

Ah, yes, tcpdump does appear to show that the form is submitted using a secure connection. I suppose that web browsers need to be improved to indicate in advance when a form will be submitted securely.

Edited by richard, 12 March 2012 - 11:49 AM.

[Kamuro]

Okay, thanks!

Sorry to trouble you with another potential problem, but are e-mail notifications working? I didn't receive one when you posted your reply.

E-mails are not intended to be enabled, actually. So, not only is it not configured on the back end, it will be disabled.

Edit:



Ah, yes, tcpdump does appear to show that the form is submitted using a secure connection. I suppose that web browsers need to be improved to indicate in advance when a form will be submitted securely.

I disabled the pop-up so that it uses the full page load instead, so that the SSL is more apparent.

[espeon]

Testing whether Unicode support is fixed: ★

This requires further testing… for science!


(╯°□°）╯︵ pɹɐɥɔıɹ



Hmm… Looks like I caught an issue myself. If you're using the WSYIWYG editor, you cannot use the tab key to tab out of it.

[Hinkypunk]

E-mails are not intended to be enabled, actually. So, not only is it not configured on the back end, it will be disabled.

What is the purpose of having email notifications disabled? They were enabled in the previous version of this board...as well as every other IP.Board I've ever used/administered.

Furthermore, the privacy issue with user birthdates, as mentioned by richard, appearing by default on user profile s with this board upgrade is really serious. That information needs to be set to hidden by default.

[Kamuro]

What is the purpose of having email notifications disabled? They were enabled in the previous version of this board...as well as every other IP.Board I've ever used/administered.

If it was on in the previous version, it may not have been intended to my knowledge, because I do not remember having set the necessary supporting infrastructure for it. Such as SPF, reverse DNS, and other things necessary for email to pass through spam filters correctly. However, the decision to enable or disable it, is up to the Community Managers and some of the other Administrators; but based on their decision, I provide the necessary support to make it happen.

Furthermore, the privacy issue with user birthdates, as mentioned by richard, appearing by default on user profile s with this board upgrade is really serious. That information needs to be set to hidden by default.

Apparently, the people at IPS disagree with you and I, as they do not and refuse to provide for such an option to set it and then control its display. It is being looked at by Calanor at this time to hack it off the display or bypass it.

[lainee]

However, the decision to enable or disable it, is up to the Community Managers and some of the other Administrators; but based on their decision, I provide the necessary support to make it happen.

As it was enabled on the previous board (and is a useful function) can you as the board admin make it known to the CMs and request that it be re-enabled?

[Xellie]

please just remove the dob from the templates then.... I'm not comfortable with that information being visible. The IPB people only really created this as a forum for a forum, not a forum for WP and therefore didn't keep security issues that may come with WP in mind.

[ZeroTigress]

Dude, why are you guys and Anime Expo downgrading to this retarded layout? I don't get it. If you're trying to make the forums look as messy as the games, you've succeeded. This is a fansite kind of forum, not something you should be using for a supposedly professional business.

And until we get our privacy options back, I'm deleting my DOB.

[Freja]

E-mails are not intended to be enabled, actually. So, not only is it not configured on the back end, it will be disabled.

Enable it, please!

[Calanor]

DOB and Age no longer show in the user Profile page.

Email Functions are disabled, they are for now going to remain that way as Kamuro stated the server isn't setup to support sending emails so its disabled for now.

@Zero, if you don't like the default theme you can pick from a few others that are available in the lower left of the forums. If your just unhappy then give something of value in terms of feedback as to what drives you nuts.

[ZeroTigress]

@Zero, if you don't like the default theme you can pick from a few others that are available in the lower left of the forums. If your just unhappy then give something of value in terms of feedback as to what drives you nuts.

You need only compare this forum layout to the previous one to get a visual explanation as to why it feels the way it is to me. But if you want my most major peeves about this forum, which I doubt you'll be able to change in this layout, here they are:

- Subforum links are too close together. It's hard to distinguish sub-forums when they're laid out like a college student's class notes. The previous forums spaced them apart nicer.

- Quotes suffer from the same problem in addition to looking like unnecessary buttons. The previous layout had better spacing and the quotes look like they were part of a post instead of sticking out. (Even colored, the old quotes didn't stick out too much because of the light coloration. In fact, the coloration made them easier to distinguish than the current grey quotes. This is especially true of nested quotes, as you can see in my signature.)

- Profiles had a much better layout in the old forums with comments and statuses being on the first page and community stats on the left side under the avatar. I and other people have a lot of information shoved into the About Me section so the old layout is more beneficial because it showed that on another page. (The old profiles also showed my image banners.) I also like the comment feature on the old layout, which allowed people to leave hellos without having to respond to my status updates or resort to filling up my PM inbox.

Now if you can post what you mods didn't like about the old forums, that would allow us to see things from your perspective. Because I thought the old forums were great up until that first DDOS attack which screwed up RO's Community Chat, causing it to load much slower than any other part of the forums. If you changed it for security issues, this doesn't feel like a step up.

[Maka]

You need only compare this forum layout to the previous one to get a visual explanation as to why it feels the way it is to me. But if you want my most major peeves about this forum, which I doubt you'll be able to change in this layout, here they are:

- Subforum links are too close together. It's hard to distinguish sub-forums when they're laid out like a college student's class notes. The previous forums spaced them apart nicer.

- Quotes suffer from the same problem in addition to looking like unnecessary buttons. The previous layout had better spacing and the quotes look like they were part of a post instead of sticking out. (Even colored, the old quotes didn't stick out too much because of the light coloration. In fact, the coloration made them easier to distinguish than the current grey quotes. This is especially true of nested quotes, as you can see in my signature.)

- Profiles had a much better layout in the old forums with comments and statuses being on the first page and community stats on the left side under the avatar. I and other people have a lot of information shoved into the About Me section so the old layout is more beneficial because it showed that on another page. (The old profiles also showed my image banners.) I also like the comment feature on the old layout, which allowed people to leave hellos without having to respond to my status updates or resort to filling up my PM inbox.

Now if you can post what you mods didn't like about the old forums, that would allow us to see things from your perspective. Because I thought the old forums were great up until that first DDOS attack which screwed up RO's Community Chat, causing it to load much slower than any other part of the forums. If you changed it for security issues, this doesn't feel like a step up.

I agree with you on the profile layouts. I like the old ones. However I do like the About Me being on the front page, mostly because I put work into mine.. well a little bit.

[Calanor]

I will work on the spacing some more with the base theme and then work on the others.
I removed some of the extra spacing earlier in the week but I do agree that there are some minor tweaks that we can do to improve the use-ability for you guys/gals.

Just pester me if you think I may have forgotten.


The profiles maybe a bit more tricky for me to do, tbh;
I will look into it more though and see what is easily possible for me.