akickku
02-15-2005, 07:28 AM
After several months of developers whining to the HT's in the chpp conference, they released this notice today. Basically, everyone will have two passwords for their club. Your main password, and a secondary password that you can give out that won't allow anything to change to your club, posted by HT-Jonas:
We have decided to implement a "readonly"-password, to be used by CHPP. The reason for this is twofold:
- We don't risk that a CHPP that have gone havoc collects real passwords and uses them to destroy teams.
- The users will more readily use CHPP-apps since the security problems are avoided.
The change will be employed in several steps.
Information given to CHPP (this text).
...
defaulthelp.asp updated with new info.
...
New input-field added to login-procedure, "readonlypassword".
When logging in with readonlypassword, the session will be deemed as ReadOnly
Only actions deemed secure by HT will be accessible in ReadOnly-sessions. This of course includes XMLs available today.
...
Users will be able to set ReadOnly-passwords
Users will be briefed about the purpose with ReadOnly-passwords
CHPP-devs rolls out new versions, using "readonlypassword" instead of "password"
...
It will no longer be possible to login with logintype="CHPP" and "password" (the current combo)
... denotes lapses in time.
We have decided to implement a "readonly"-password, to be used by CHPP. The reason for this is twofold:
- We don't risk that a CHPP that have gone havoc collects real passwords and uses them to destroy teams.
- The users will more readily use CHPP-apps since the security problems are avoided.
The change will be employed in several steps.
Information given to CHPP (this text).
...
defaulthelp.asp updated with new info.
...
New input-field added to login-procedure, "readonlypassword".
When logging in with readonlypassword, the session will be deemed as ReadOnly
Only actions deemed secure by HT will be accessible in ReadOnly-sessions. This of course includes XMLs available today.
...
Users will be able to set ReadOnly-passwords
Users will be briefed about the purpose with ReadOnly-passwords
CHPP-devs rolls out new versions, using "readonlypassword" instead of "password"
...
It will no longer be possible to login with logintype="CHPP" and "password" (the current combo)
... denotes lapses in time.