blackcat
Since: Apr, 2009
#3: Jun 12th 2011 at 11:09:41 AM
While I'm ordinarily a fan of strong security, considering this is a wiki where registering is rather informal and doesn't even require so much as an e-mail address, I can't see getting worked up about it.
Worst that could happen is someone hacks your account and posts an edit or forum post that gets you banned, but I doubt anyone would want to bother.
Apparently I am adorable, but my GF is my #1 Groupie. (Avatar by Dreki-K)
VmKid
Since: Sep, 2009
Fighteer
Lost in Space
from The Time Vortex
(Time Abyss)
Relationship Status: TV Tropes ruined my love life
#5: Jun 13th 2011 at 7:17:12 AM
Speaking directly as a moderator, you'll undoubtedly forgive us, RaymondBlaise, if we ignore a bile-filled and insulting rant from a person who apparently created a handle for the sole purpose of telling us we're a bunch of idiots. Now go perform anatomically impossible acts upon yourself.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Total posts: 5

TL;DR version: the account system is a prime example of Idiot Programming. I want it fixed. Now!
Hello. I've been lurking on this wiki for, I don't know, maybe it's a year now, first editing anonymously and, after the Google Incident, as arthurdent. Thanks for blocking that one, by the way. Some sarcasm intended, but I do understand this one. This is not the issue, or even an issue. I was going to create my own account one day anyway, so I figured this is a perfect occasion.
Onto the rant. I go to the knower form and enter a handle. Since I want to avert The Password Is Always "Swordfish", I open up command line to generate a random string of 64 characters. Bzzzt! No punctuation allowed. Well, it's quite stupid, but whatever. I generate another string of random characters, this time substituting spaces for non-alphanumeric characters. Same message. Oh well, space is punctuation. I learn something new every day. I generate another 64-character long string of just numbers and letters of random case. This time it tells me that the handle I picked is already taken. Seriously?! You're telling me that now? I make up another handle, and I am told my account has been created. Hooray! So I go to edit a page. "Sorry, we could not match your login information". Wait, what? I have just registered! I go back to the login form, it tells me I am logged in. I go to change my password and I see a form with my password written in a field, in white characters on a bluish background (default in my OS theme). Nice, someone is storing passwords in plaintext. Great security. I try to change it and I am told that I cannot log in. So, I guess my account has not been created at all. I "log out" and try to create it again, this time with a shorter password. "Sorry, only one account per IP address". FUCK! I reboot my router to get a new IP. And after several cycles of register, fail-to-edit and router-reboot I finally get registered. In the meantime I learned how logging in and sessions are handled on this site. The technical term for this method is "a fucking disaster". AJAX GET request?! It just takes a URL sniffer to get my password?! Sending my username and password in every page request, in cookies, IN PLAINTEXT?! Well, time to go to some unsecured WiFi and meet fellow tropers! And by "meet" I mean steal their accounts by hijacking cookies.
Please. A random session ID, and passwords stored encrypted/hashed-with-salt is a minimum. I would also appreciate SSL or TLS, but won't insist on it. And put in some fucking error checking. Ever heard of Murphy's law? Or Finagle's, which is different, but also applies? When one fails to register, they want it to be told to them IMMEDIATELY, for fuck's booze.
Excuse me for breaking any Rules, but I think the issue is important and I needed to relieve myself. Also, subtlety doesn't play well with the 'Net. This is no bank, just a wiki for anime and webcomic nerds (me included), but please, live up to some standards. There is more to complain about, but I'll save that for a time when I'll think up a solution (and possibly create some implementation thereof).
KTHXBAI.
Other dogs bite only their enemies, whereas I bite also my friends in order to save them.
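
The minimum the post above asks for (salted password hashes on the server and a random session ID in the cookie instead of the credentials), as an added example that is not part of the original thread or the site's own code. The in-memory tables, the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# In-memory stand-ins for the user and session tables (constructed for this example).
USERS = {}       # handle -> (salt, password hash)
SESSIONS = {}    # sha256(session token) -> handle
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _hash_password(password: str, salt: bytes) -> bytes:
    # Any length and any characters are accepted: the hash output is fixed-size.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(handle: str, password: str) -> bool:
    """Create the account, or report failure immediately if the handle is taken."""
    if handle in USERS:
        return False
    salt = secrets.token_bytes(16)  # per-user random salt
    USERS[handle] = (salt, _hash_password(password, salt))
    return True


def login(handle: str, password: str):
    """Return a Set-Cookie value holding only a random session ID, or None."""
    # Unknown handles still cost one hash, so timing does not reveal who exists.
    salt, stored = USERS.get(handle, (b"\x00" * 16, b""))
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)  # 256 random bits, no credentials inside
    # Only a hash of the token is kept, so a leaked table cannot be replayed.
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = handle
    return f"session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"


def handle_for_cookie(cookie_header: str):
    """Resolve the cookie sent with a later request to a handle, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return SESSIONS.get(hashlib.sha256(value.encode()).hexdigest())
    return None
```

The `Secure` attribute only has an effect once the site is served over TLS; without it the session ID can still be read on an open network, but the password itself no longer travels with every request.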