Comments

Thu, Dec 5th 2013 4:48pm Posted by CodeToad
Strongly agree with scudiac on 3-25-11, which was ages ago. I'm not a security person, but I know good recommendations when I see 'em. Have worked for big sw engineering shops, two of the Big Four, a long stint at McKinsey & Co, and small starts -- all would have jumped at scudiac's comments... with all of the usual management chest-beating, endless update requests, and hiring security contractors! I hate security issues as much as you do, but this is just the right thing to do. Nobody wants script kiddies crawling all over our info. SO PLEASE do the right thing.... CodeToad
Mon, Oct 3rd 2011 8:04pm Posted by heat23
t_ski,

Thanks for your suggestion. Now if you click on 'Top Users' (or 'Top Donators'), it will display an expanded list!

heat
Fri, Sep 9th 2011 10:25pm Posted by t_ski
Would it be possible to expand the Top Users list on the left (ie: more than the top ten users)? It would be nice to click on the title of the box and go to a separate page that lists users by ranking. There used to be a website that tracked this, but I can't find it now for the life of me...
Fri, Apr 22nd 2011 5:30pm Posted by Quintox
Mike, check your mailbox.
Mon, Apr 11th 2011 12:04pm Posted by heat23
GreyFalcon: Thanks for the feedback. That is something that has been at the top of our list - to move the navigation to the left-side and make the site more friendly for smaller windows.

Scudiac: The lost password form was fixed a week or two ago. Give it a try again. All the other suggestions were excellent, some of which we have not thought of before. I will investigate those a bit more and see what I can do.

darckhart: Thanks for the suggestions, I will look into those.
Mon, Apr 4th 2011 9:29pm Posted by karaktu
Doh! I see that info is listed on the user/eval page.
Mon, Apr 4th 2011 5:27pm Posted by karaktu
It would be interesting to know how many users Heatware has. Perhaps "Top Users out of xxxxxx" ?
Sat, Apr 2nd 2011 6:04pm Posted by darckhart
1. On a user's page, in the page actions section at the top, please change the >> icons that separate the actions. I mistakenly thought it was a chain of events going from left to right when in fact you can do each separately.
2. On a user's page, in the page actions section at the top, please consider changing the action 'post evaluation' to a selection that includes a 'request evaluation' in addition to the post. In this way, one can ask or give evals using the same button. (Coming from ebay, as a buyer I still feel Feedback Hostaged when I have paid and not received immediate feedback.)
3. +1 to ssl. at the min for login. heat is tying together accts that link to 1 user that goes to 1 email.

thanks
Fri, Mar 25th 2011 2:01am Posted by scudiac
love the service. however, a few suggestions:

#1 SSL should at least be an option if not the default.

#2 make it harder to stop people from harvesting email addresses. All you have to do to get someone's email address is simply enter a username in the lost email address field here: http://heatware.com/user_lost.php
Since the top donators and top users boxes provide tons of user names without logging in (and change), this seems like a huge security hole.

#3 stop allowing unlimited login tries or at least add a captcha. It's so easy to brute force logins with simple browser macros/scripts. Captcha should be mandatory and there should be something like a waiting period of 15mins after 3-5 failed login attempts.

#4 fix your lost password form:
"Warning: fsockopen(): unable to connect to smtp.heatware.com:25 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ) in D:wwwheatwarewebPHPsmtp.inc on line 87 "

keep up the good work.
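
Suggestion #3 in the comment above (a waiting period after repeated failed logins), sketched as an added example that is not part of the original comment and not Heatware's code. The threshold of 5, the per-username and per-IP keys, and the `verify` callable are assumptions.

```python
import math
import time

MAX_FAILURES = 5           # the comment suggests 3-5; 5 is an assumption
LOCKOUT_SECONDS = 15 * 60  # the 15-minute waiting period from the comment


class LoginThrottle:
    """Counts consecutive failed logins per key and locks the key out."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._failures = {}      # key -> (count, time of last failure)
        self._locked_until = {}  # key -> time at which the lockout ends

    def retry_after(self, key):
        """Seconds left on the lockout for key; 0 means attempts are allowed."""
        until = self._locked_until.get(key)
        return 0 if until is None else max(0, math.ceil(until - self.clock()))

    def record_failure(self, key):
        now = self.clock()
        count, last = self._failures.get(key, (0, now))
        if now - last > LOCKOUT_SECONDS:  # old failures no longer count
            count = 0
        if count + 1 >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            self._failures.pop(key, None)
        else:
            self._failures[key] = (count + 1, now)

    def record_success(self, key):
        self._failures.pop(key, None)


def attempt_login(throttle, username, source_ip, password, verify):
    """Return 'ok', 'denied' or 'locked'. verify(username, password) stands in
    for the site's own credential check (hypothetical here)."""
    keys = [("user", username.lower()), ("ip", source_ip)]
    if any(throttle.retry_after(k) for k in keys):
        return "locked"  # checked first: a locked key never reaches verify()
    if verify(username, password):
        # Reset only the account counter; resetting the IP counter would let
        # one valid login wipe the record of guesses against other accounts.
        throttle.record_success(keys[0])
        return "ok"
    for k in keys:
        throttle.record_failure(k)
    return "denied"
```

Because the username key locks the account for every source, a third party can lock a known user out by failing on purpose; sites that cannot accept that usually demand a CAPTCHA, as the comment also suggests, instead of a hard lock on the account key.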
