Poll
Question: What do you think of these two ideas?
I like idea 1 and idea 2.
I like idea 1 but not idea 2.
I like idea 2 but not idea 1.
I like neither idea.

Pages: [1]   Go Down
Author Topic: Login form on main page  (Read 889 times)
0 Members and 1 Guest are viewing this topic.
0
Offline Offline
Newbie
*
Karma: 1
Posts: 38
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Here's a really easy improvement that could be made to the template. Please add a username and password field to the userbar section when a user isn't logged in. Just to show people what I mean, I used firebug to insert my idea (A simple copy of the form on the login page) into my version of the site. Here's how it looks. Of course, improvements could be made to the system, but that's a start. Just a mod of the template and a bit of css change to make it look okay.

The second idea is to have the username and password input be on the top bar. This would make it available on every page including the home page. The image idea2 shows a rough idea of what that would look like.


* idea.PNG (19.02 KB, 848x451 - viewed 23 times.)

* idea2.png (18.73 KB, 790x451 - viewed 18 times.)
« Last Edit: February 03, 2011, 10:40:03 pm by zonedabone » Logged

London, GB
Offline Offline
Sr. Member
****
Karma: 7
Posts: 332
Nothing works.
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Careful you don’t push all the useful content below the fold, with all that depth-consuming constant furniture up there. The screen size is only 575 pixels deep on my mini10v netbook, and most of that seems to be taken up with the menubar and the browser’s own paraphernalia before one gets to see anything that might compel one to continue reading.
Logged

0
Offline Offline
Newbie
*
Karma: 1
Posts: 38
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

idea2 uses no more space than the current site. It just replaced the help and login links with credential fields.
Logged

North Yorkshire, UK
Offline Offline
Faraday Member
**
Karma: 104
Posts: 5531
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

+1 for this smiley
Logged

Espoo, Finland
Offline Offline
God Member
*****
Karma: 6
Posts: 586
"Oops, try again..."
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

And why, why, why...?

These days we all (?) have widescreen displays, right? Why can't the sides be used for all kind of menus and other usefull stuff?

Internet is not horizontal, it's vertical.

One of these days I going to rotate my display 90 degrees, even if the stand can't handle it.


I must say anyway one important thing; this all is free for us, we shouldn't complain too much. Some people are giving us all this, and we are not happy???


Cheers,
"Extremely happy user" Kari
Logged


The only law for me; Ohms Law: U=R*I       P=U*I
Note to self: "Damn! Why don't you just fix it!!!"

North Yorkshire, UK
Offline Offline
Faraday Member
**
Karma: 104
Posts: 5531
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
Internet is not horizontal, it's vertical.
Yeah but text is horizontal... You telling me you have your taskbar on the side of the screen? No?
Vertical pinned menus on websites are awful.

Anyway, I wouldn't say this is complaining. These are called suggestions  smiley-razz

I am happy but I think this is a good idea - and as was said, the bar is there anyway, might as well add in the login boxes when you're not logged in.
Logged

0
Offline Offline
Newbie
*
Karma: 1
Posts: 38
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

This would actually be VERY easy to implement.  Just replace the help, login, register thing with a tiny little login form.This doesn't even require a change to the css. (idea 2) Maybe if enough people like it it will be implemented.
Logged

0
Offline Offline
Newbie
*
Karma: 1
Posts: 38
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Please could people vote for their preference on the poll? If we get enough votes the team might take notice.
Logged

Forum Administrator
MMX
Offline Offline
Edison Member
*****
Karma: 37
Posts: 1139
hallo kompis
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Guys,

before we go all crazy smiley I think you deserve an explanation on how the SSO works and why we haven't implemented the feature you request (yet). This doesn't mean we are looking into feasible methods, but for now it is not possible because:

- the SSO (single sign on) system resides in its own separate server protected with a certificate to ensure there is a secure connection and that your usernames and passwords don't fly over the internet unprotected

- the different websites are having their own way to identify users and we make them request a secret token from the SSO server to identify the user and make sure he/she is logged in

- the scenarios you guys suggest imply that, at this point, we should let the passwords fly freely from e.g. the forum into the SSO server and that is a solution we are not willing to implement because of its high risk

In other words, we understand he usability issues mentioned in this topic, but it is nothing we are going to implement now since it would mean putting the whole Arduino website under https, which according to some reports it could slow the server up to 5 times depending on the case. We need to make a lot of performance tests before we can do that.
Logged

0
Offline Offline
Newbie
*
Karma: 1
Posts: 38
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Guys,

before we go all crazy smiley I think you deserve an explanation on how the SSO works and why we haven't implemented the feature you request (yet). This doesn't mean we are looking into feasible methods, but for now it is not possible because:

- the SSO (single sign on) system resides in its own separate server protected with a certificate to ensure there is a secure connection and that your usernames and passwords don't fly over the internet unprotected

- the different websites are having their own way to identify users and we make them request a secret token from the SSO server to identify the user and make sure he/she is logged in

- the scenarios you guys suggest imply that, at this point, we should let the passwords fly freely from e.g. the forum into the SSO server and that is a solution we are not willing to implement because of its high risk

In other words, we understand he usability issues mentioned in this topic, but it is nothing we are going to implement now since it would mean putting the whole Arduino website under https, which according to some reports it could slow the server up to 5 times depending on the case. We need to make a lot of performance tests before we can do that.

His is coming from my severely limited knowledge base, but would it be feasible to submit the login information via a javascript that can make a separate connection to the secure server?

Also, many logins don't have https. They use post. Considering the fact that we're not storing out SS #s on here, I think that post would be fine. =)

Again, this is out of my limited knowledge. I hereby release this post into the public domain.  smiley
Logged

Forum Administrator
MMX
Offline Offline
Edison Member
*****
Karma: 37
Posts: 1139
hallo kompis
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Again, we need to keep things under https for several reasons:

- we want to avoid your information to be stolen, according to the regulations at many places (let's not make a list at this point) it is the domain's owner responsibility to keep user data protected, erase it in case the user requests it, etc

- we are preparing for launching Arduino for schools, and minors' information is even more sensitive than the one for adults

- we are about to launch a store, and there safe connections are pretty important

- there is no way we are going to just use POST to send the data over the net, we were doing it in the past, just because our technology wasn't ready. If you want more reasons why you could just take a look at one very easy example: http://codebutler.com/firesheep with tools like that one, available for anybody, anyone could take your data just by sitting at the same open WiFi you could be using ... not talking about an expert doing it, but literally anyone

- you are right about the ajax solution to send the information, and it is among the list of things we might implement. But we have a long list of things to do before that, that is why I said this feature request will come, but I don't have it in my roadmap yet :-)

I hope I could make our concerns regarding security properly understood.

/d
Logged

Pages: [1]   Go Up
Jump to: