Topic: Login form on main page

zonedabone

Feb 04, 2011, 04:27 am Last Edit: Feb 04, 2011, 04:40 am by zonedabone Reason: 1
Here's a really easy improvement that could be made to the template. Please add a username and password field to the userbar section when a user isn't logged in. Just to show people what I mean, I used firebug to insert my idea (A simple copy of the form on the login page) into my version of the site. Here's how it looks. Of course, improvements could be made to the system, but that's a start. Just a mod of the template and a bit of css change to make it look okay.

The second idea is to have the username and password input be on the top bar. This would make it available on every page including the home page. The image idea2 shows a rough idea of what that would look like.

u0421793

Careful you don't push all the useful content below the fold, with all that depth-consuming constant furniture up there. The screen size is only 575 pixels deep on my mini10v netbook, and most of that seems to be taken up with the menubar and the browser's own paraphernalia before one gets to see anything that might compel one to continue reading.

zonedabone

idea2 uses no more space than the current site. It just replaced the help and login links with credential fields.

mowcius


GaryP

And why, why, why...?

These days we all (?) have widescreen displays, right? Why can't the sides be used for all kinds of menus and other useful stuff?

Internet is not horizontal, it's vertical.

One of these days I'm going to rotate my display 90 degrees, even if the stand can't handle it.


I must say anyway one important thing; this all is free for us, we shouldn't complain too much. Some people are giving us all this, and we are not happy???


Cheers,
"Extremely happy user" Kari
The only law for me; Ohms Law: U=R*I       P=U*I
Note to self: "Damn! Why don't you just fix it!!!"

mowcius

Quote
Internet is not horizontal, it's vertical.

Yeah but text is horizontal... You telling me you have your taskbar on the side of the screen? No?
Vertical pinned menus on websites are awful.

Anyway, I wouldn't say this is complaining. These are called suggestions  :P

I am happy but I think this is a good idea - and as was said, the bar is there anyway, might as well add in the login boxes when you're not logged in.

zonedabone

This would actually be VERY easy to implement. Just replace the help, login, register thing with a tiny little login form. This doesn't even require a change to the css. (idea 2) Maybe if enough people like it it will be implemented.

zonedabone

Please could people vote for their preference on the poll? If we get enough votes the team might take notice.

David Cuartielles

Guys,

before we go all crazy :) I think you deserve an explanation on how the SSO works and why we haven't implemented the feature you request (yet). This doesn't mean we are looking into feasible methods, but for now it is not possible because:

- the SSO (single sign on) system resides in its own separate server protected with a certificate to ensure there is a secure connection and that your usernames and passwords don't fly over the internet unprotected

- the different websites are having their own way to identify users and we make them request a secret token from the SSO server to identify the user and make sure he/she is logged in

- the scenarios you guys suggest imply that, at this point, we should let the passwords fly freely from e.g. the forum into the SSO server and that is a solution we are not willing to implement because of its high risk

In other words, we understand the usability issues mentioned in this topic, but it is nothing we are going to implement now since it would mean putting the whole Arduino website under https, which according to some reports could slow the server up to 5 times depending on the case. We need to make a lot of performance tests before we can do that.

zonedabone



This is coming from my severely limited knowledge base, but would it be feasible to submit the login information via a javascript that can make a separate connection to the secure server?

Also, many logins don't have https. They use post. Considering the fact that we're not storing our SS #s on here, I think that post would be fine. =)

Again, this is out of my limited knowledge. I hereby release this post into the public domain.  :)

David Cuartielles

Again, we need to keep things under https for several reasons:

- we want to avoid your information being stolen; according to the regulations at many places (let's not make a list at this point) it is the domain owner's responsibility to keep user data protected, erase it in case the user requests it, etc

- we are preparing for launching Arduino for schools, and minors' information is even more sensitive than the one for adults

- we are about to launch a store, and there safe connections are pretty important

- there is no way we are going to just use POST to send the data over the net, we were doing it in the past, just because our technology wasn't ready. If you want more reasons why you could just take a look at one very easy example: http://codebutler.com/firesheep with tools like that one, available for anybody, anyone could take your data just by sitting at the same open WiFi you could be using ... not talking about an expert doing it, but literally anyone

- you are right about the ajax solution to send the information, and it is among the list of things we might implement. But we have a long list of things to do before that, that is why I said this feature request will come, but I don't have it in my roadmap yet :-)

I hope I could make our concerns regarding security properly understood.

/d
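An added example, not part of the post above or of Arduino's code: a small audit that finds login forms in a page and reports where TLS is missing, covering the case discussed in this thread of a login form embedded in a plain-HTTP forum page that posts to an HTTPS SSO server. The `example.org` hostnames, field names and sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAuditor(HTMLParser):
    """Collects the action URL of every <form> that contains a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current_action = None   # resolved action of the form being parsed
        self.has_password = False
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.current_action = urljoin(self.page_url, a.get("action") or "")
            self.has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current_action is not None:
            if self.has_password:
                self.login_actions.append(self.current_action)
            self.current_action = None

def audit_login_forms(page_url, html):
    """Return (action_url, [findings]) for each login form on the page."""
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    parser.close()
    results = []
    for action in parser.login_actions:
        findings = []
        if urlparse(page_url).scheme != "https":
            findings.append("page served without TLS: form can be altered in transit")
        if urlparse(action).scheme != "https":
            findings.append("credentials submitted without TLS")
        results.append((action, findings))
    return results

# Constructed sample: a top-bar login form embedded in a forum page.
SAMPLE = """<div id="userbar"><form action="https://sso.example.org/login" method="post">
<input type="text" name="user"><input type="password" name="pass"></form></div>"""

if __name__ == "__main__":
    for url in ("http://forum.example.org/index.php", "https://forum.example.org/index.php"):
        print(url, audit_login_forms(url, SAMPLE))
```

The HTTP-hosted page is still flagged even though its form posts to HTTPS, because the page that carries the form is itself unprotected; only when both the page and the action use HTTPS does the audit return no findings.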
