Recent content by Timothy Kaler

  1.

    Not planned Login security: sending passwords over the channel - two stage authentication

    Passwords are still being sent as plain text. You should consider the two stage authentication scheme I proposed. It provides good login security without SSL. Tim
  2.

    Anyone here plays StarCraft 2?

    The game is being sold both in stores via packaged disks and online via "digital distribution." You should be able to purchase the game online. I have not played StarCraft II myself. ~Tim
  3.

    Lack of interest User Defined Macros / Canned Responses / Answer Templates

    There are probably less specific features that could be implemented, which would provide "global Macros" as a special usage case. For example: custom BB codes. The benefits of allowing individuals to define and use their own canned responses are not clear to me. ~Tim
  4.

    Implemented 'There already is a new reply. Please review your answer' / Live reply

    If there is a well-implemented "Push" API, this could be easily included as either a 3rd party extension or as a part of the core product without significantly affecting server load. ~Tim
  5.

    Lack of interest User Defined Macros / Canned Responses / Answer Templates

    This may be a useful feature, at least for staff members. Many communities instruct their staff to give canned responses when certain issues or questions arise. For example, staff at vB.org always post the same canned response whenever an unlicensed user asks for support. ~Tim
  6.

    "Push" API

    I'm aware of the relevant technologies. I do not like the buzzword "Comet" because it is not descriptive, and it does not actually refer to a specific implementation strategy. Long HTTP requests are not always the optimal way to give the illusion of "pushing" events to the user. Infrequent...
  7.

    "Push" API

    It would be nice to have a single API which allows various parts of the application and 3rd party extensions to "Push" client side events to the user. These events might be notifications, updated content, or something else. There could be a single poll to the server which fetches a...
  8.

    Automated update of new posts/threads

    Well, if there is no data to retrieve, then you would only download an empty list: "[]". You could further minimize the cost by creating a static file for every user whose contents are an integer representing an auto-incrementing ID of the last notification the application has generated for the...
  9.

    How is the product going to be licensed?

    In my opinion, it is easier to commercialize a web service than it is to commercialize a web script intended to be run on your customer's server. XenForo could host all customers' communities for a monthly subscription fee, and have tiered rates that depend on a customer's resource usage...
  10.

    Automated update of new posts/threads

    Ideally there would be a single poll to the server at some admin configurable frequency that retrieves a list of JSON objects, each of which specifies a JavaScript function and its arguments, each object representing an action which some part of the application wishes to "push" to the user. Then...
  11.

    Not planned Login security: sending passwords over the channel - two stage authentication

    If the user has a keylogger on their computer, then nothing will protect them. However, if the user has a program that is monitoring their network traffic, then all of the security precautions meant to prevent channel attacks would also serve to protect the user with the locally installed...
  12.

    Not planned Login security: sending passwords over the channel - two stage authentication

    Doing it with a session token is the same as what I proposed, just the handshake string would be the session token generated for the user at a different point in time. Using a site key is not a good solution, because if the user always sends the same authentication string to the server when they...
  13.

    Automated update of new posts/threads

    Well, it doesn't look like there is any background polling for new replies when you are viewing a thread. However, when they are processing your new reply they may fetch all new replies when they update the reply list. Edit: When posting a new reply, the server returns a chunk of text...
  14.

    Not planned [No thanks] Remove the password masking

    I don't agree with the article. Without password masking I would not be comfortable logging into my accounts in public places. It is also a feature that users expect when they log in to a website. ~Tim
  15.

    Not planned Login security: sending passwords over the channel - two stage authentication

    SSL is the obvious solution for sites which are serious about security. ~Tim