?

Log in

No account? Create an account
Acceptability question... - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Acceptability question... [Nov. 1st, 2001|06:15 pm]
LiveJournal Client Discussions

lj_clients

[thelovebug]
[mood |creativecreative]

As part of pocketlj (my LJclient), I want to be able to do the following:

  1. Store user preferences, based on and identifiable by the users LJ username. i.e. username=thelovebug, background=black, etc
  2. Provide a web-based system which allows users to change their client preferences. This would involve the use of the LJprotocol to authenticate the user, the allow the user to see/change the information stored in point 1.
On the condition that I do not store the users password in any way, shape or form...

... is this acceptable?

If not, can you throw any suggestions to me?

Point 1. should be ok, as it would only be an extension of the existing client. Point 2. is the issue here, making use of the LJprotocol to authenticate the user. This will be heavily identified as a part of the PocketLJ client, and if there is a notice on the front screen to inform users that their passwords will not be stored, I'm hoping this will be ok.

I welcome comments.... when LJ starts accepting them again :o)
linkReply

Comments:
[User Picture]From: suppafly
2001-11-01 07:27 am (UTC)
2 sounds ok.. you aren't forcing them to use it..
(Reply) (Thread)
[User Picture]From: xb95
2001-11-01 11:05 am (UTC)
Enable people to give you the MD5 checksum of their password instead of the actual password. Alternately perhaps let the browser compute the MD5 checksum and then submit that to your web site, since that way you don't have the password, just the MD5 checksum of it. I would be more comfortable with that, though, I'm not all that woried about giving out my password, really. Also, I don't have a Pocket* anyway... ohwell. :)
(Reply) (Thread)
[User Picture]From: thegreatdark
2001-11-01 01:11 pm (UTC)
Why not the hash of the hash, if that's possible?

*tries it*

Yup, two different hashes.

That way, someone can't just make a cookie that has their hash stored in it, and do anything to the user's LJ.

Since LJ uses the hash everywhere... seems a bit safer.
(Reply) (Parent) (Thread)