Strongly agree with scudiac on 3-25-11, which was ages ago. I'm not a security person, but I know good recommendations when I see 'em. Have worked for big sw engineering shops, two of the Big Four, a long stint at McKinsey & Co, and small starts -- all would have jumped at scudiac's comments... with all of the usual management chest-beating, endless update requests, and hiring security contractors! I hate security issues as much as you do, but this is just the right thing to do. Nobody wants script kiddies crawling all over our info. SO PLEASE do the right thing.... CodeToad
Would it be possible to expand the Top Users list on the left (ie: more than the top ten users)? It would be nice to click on the title of the box and go to a separate page that lists users by ranking. There used to be a website that tracked this, but I can't find it now for the life of me...
GreyFalcon: Thanks for the feedback. That is something that has been at the top of our list - to move the navigation to the left side and make the site more friendly for smaller windows.
Scudiac: The lost password form was fixed a week or two ago. Give it a try again. All the other suggestions were excellent, some of which we have not thought of before. I will investigate those a bit more and see what I can do.
darckhart: Thanks for the suggestions, I will look into those.
1. On a user's page, in the page actions section at the top, please change the >> icons that separate the actions. I mistakenly thought it was a chain of events going from left to right when in fact you can do each separately.
2. On a user's page, in the page actions section at the top, please consider changing the action 'post evaluation' to a selection that includes a 'request evaluation' in addition to the post. In this way, one can ask or give evals using the same button. (Coming from eBay, as a buyer I still feel Feedback Hostaged when I have paid and not received immediate feedback.)
3. +1 to SSL, at the min for login. Heat is tying together accts that link to 1 user that goes to 1 email.
#1 SSL should at least be an option if not the default.
#2 make it harder to stop people from harvesting email addresses. All you have to do to get someone's email address is simply enter a username in the lost email address field here: http://heatware.com/user_lost.php
Since the top donaters and top users boxes provide tons of user names without logging in (and change), this seems like a huge security hole.
#3 stop allowing unlimited login tries or at least add a captcha. It's so easy to brute force logins with simple browser macros/scripts. Captcha should be mandatory and there should be something like a waiting period of 15 mins after 3-5 failed login attempts.
#4 fix your lost password form:
"Warning: fsockopen(): unable to connect to smtp.heatware.com:25 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ) in D:wwwheatwarewebPHPsmtp.inc on line 87 "
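The waiting period suggested in #3 above, as an added example that is not part of the thread or the site's code. The class name `LoginThrottle`, the in-memory store and the choice of 5 failures (the upper end of "3-5") are assumptions made for illustration.

```python
import time

MAX_FAILURES = 5            # assumption: upper end of the "3-5 failed login attempts" in #3
LOCKOUT_SECONDS = 15 * 60   # the 15-minute waiting period from #3


class LoginThrottle:
    """Counts failed logins per key and refuses attempts during a lockout.

    The key is whatever the caller throttles on, e.g. the submitted username.
    Unknown usernames are tracked exactly like real ones, so the throttle
    itself does not reveal which accounts exist.
    """

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.lockout = lockout
        self.clock = clock          # injectable so the lockout can be tested without waiting
        self._state = {}            # key -> (failure_count, locked_until)

    def seconds_locked(self, key):
        _, locked_until = self._state.get(key, (0, 0.0))
        return max(0, locked_until - self.clock())

    def attempt(self, key, check_password):
        """Return 'locked', 'ok' or 'denied'; check_password is a callable returning bool."""
        now = self.clock()
        count, locked_until = self._state.get(key, (0, 0.0))
        if now < locked_until:
            return "locked"         # the password is not even evaluated while locked
        if locked_until:
            count = 0               # a previous lockout has expired: start counting afresh
        if check_password():
            self._state.pop(key, None)   # success clears the failure history
            return "ok"
        count += 1
        locked_until = now + self.lockout if count >= self.max_failures else 0.0
        self._state[key] = (count, locked_until)
        return "denied"


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed sequence: six wrong guesses against one username.
    for n in range(1, 7):
        print(n, throttle.attempt("someuser", lambda: False))
    print("seconds left:", int(throttle.seconds_locked("someuser")))
```

Keying only on the username lets anyone lock a known account out, so deployments commonly key on username plus client address or switch to a CAPTCHA challenge instead of a hard lock.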