
Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Should the members list be visible to other members

#99505 (In Topic #19555)
TQ
Honoured member

Hi All

I've had my members list visible to all other members since I rebuilt the site 2 months ago. This would normally not be a problem as most of the members are Radio Amateurs who like to see their callsign "in lights".

In the past week I've had a couple of individuals running something at their end that is making 1000's of requests to my site and clogging up my PHP's fast-CGI and bringing my web server down to a crawl.

As an example, for the past 5 days a gentleman in Brisbane is sending 2-3 HTTP requests per second, 24 hours a day non-stop.

I have blocked his IP at server level and, although not directly related, it's woken me up to the fact that I need to pay better attention to the security of the site and that the members list may contain information that spammers or other individuals may like to have.

I'd appreciate a consensus on this subject to help me decide whether to show or hide the list in future.

Thanks for your input.

Nick
#99507
Community saint

If it's just the members list, I don't think there is that much info for the bots to scrape.
#99510
TQ
Honoured member

Hi Duck,

It's not quite that simple. Although I'm still having trouble with it, I've installed the Google user map add-on, which adds the Lat/Long to the user's profile. Also the user's location is displayed.

Radio Amateurs are big on providing their exact lat/long info (you could view my dustbin with my info) and I wonder if that's too much information. I haven't yet worked out how to hide that information from members.

I just don't want to be the cause of someone's house being tossed while they are on holiday etc.

Am I being paranoid?

Nick
#99511
Community saint

You could adjust permissions so that, at the very least, registered members have view access and guests don't, and if you have paid members or members of higher standing (maybe use points), restrict the access to them. I don't think you have too much cause for worry, but you could always poll your members to see how they feel too. The Lat and Long display as reported by browsers is not precise and is usually anywhere from a 2 mile radius of where they actually are.
#99514
TQ
Honoured member

I already exclude guests from viewing the members lists. There are no plans to have paid members but for sure, I could have 2 levels of members ie trusted and not-so-trusted!

Radio Hams will edit the lats n longs to dustbin lid accuracy because exact locations are part of the game. You've got to believe it, I'm currently building an iGate and digipeater (by request) to put alongside my radio repeater so that the locals can put trackers in their cars then go on-line and find out which McDonald's they are visiting.

If you are curious, check this out: http://aprs.fi/#!addr=london

:lol:Bonkers!

Nick
#99515
Community saint

TQ said

Radio Amateurs are big on providing their exact lat/long info (you could view my dustbin with my info) and I wonder if that's too much information.
To me that would be way too much information to let loose on the Internet.

TQ said

I haven't yet worked out how to hide that information from members.
In v7, before the member profile screen was split into tabs, I played around with something similar where I was altering lat/long displays by adding conditional code to the OCF_MEMBER_PROFILE_SCREEN template.

Don't know if that is still easy to do since tabs were introduced in v8 O_o .

TQ said

I just don't want to be the cause of someone's house being tossed while they are on holiday etc.
That is a valid concern. You always have to consider privacy issues.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
#99526
Community saint

Well, the good news is v10, when it is available, might better sort this out for you, as I believe CPFs can be set by users on who they wish to view them (i.e. their friends list). In the meantime, perhaps a trusted users group might work for now.
#99556
TQ
Honoured member

Gratitude to both Duck & temp1024 for their replies.

Good news about v10.

Maybe a check box against each field for Public/Private that members could self regulate would shift the responsibility from site owner to member, just a thought!

I will however see how I can implement a Trusted-Member group, although I may call it Certified-Member so as not to upset Ordinary-Members. Then I can disallow ordinary members from access to the members' details.

Thanks to everyone for their input.

Nick
#99557
The CPF privacy feature actually has existed for a while.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#99560
TQ
Honoured member

Hi Chris, thanks for the wake-up call. I know CPF's are available because I'm already using them doh.

I will trawl the security options to try and answer this myself but can I make "Publicly Viewable" connect with a specific group/s, in my case "Certified Members" but not "Members".

Nick
#99561
Nope.


#99568
Here's a hint though…

In the OCF_MEMBER_PROFILE_ABOUT template you'll find:

Code

{+START,LOOP,CUSTOM_FIELDS}
   ...
{+END}

You can change to:

Code

{+START,LOOP,CUSTOM_FIELDS}
   {+START,IF,{$OR,{$IS_IN_GROUP,2-5},{$NEQ,{NAME},Some Private Field,Some Other Private Field,Yet Another Private Field}}}
      ...
   {+END}
{+END}

This would let anyone in groups #2 to #5 see those 3 fields, but nobody else.

The logic basically says "If the group is 2-5 or the field is not one of the restricted ones, show the field".

If you have your field showing in member boxes, you can do something equivalent in OCF_MEMBER_BOX_CUSTOM_FIELD.


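The condition from the template hint above, modelled in Python as an added example (not ocPortal code and not part of the original thread). Group id 10, the sample profile, the exact-string comparison and the audit helper are assumptions. It goes slightly beyond the post by showing that an exclusion list keyed on field names shows any field whose name does not match exactly, so a renamed or newly added private field is displayed to everyone until the list is updated.

```python
# Added illustration: a Python model of the template condition, not ocPortal code.
PRIVILEGED_GROUPS = set(range(2, 6))      # groups #2 to #5, as in the post
RESTRICTED_FIELDS = {                     # placeholder field names from the post
    "Some Private Field",
    "Some Other Private Field",
    "Yet Another Private Field",
}

# Constructed sample profile; the values are made up.
PROFILE = {
    "Callsign": "X0XXX",
    "Some Private Field": "lat/long value",
    "Some Other Private Field": "location value",
}


def field_visible(viewer_groups, field_name):
    """Model of {$OR,{$IS_IN_GROUP,2-5},{$NEQ,{NAME},<restricted names>}}.

    Assumption: field names are compared as exact strings.
    """
    in_privileged_group = bool(PRIVILEGED_GROUPS & set(viewer_groups))
    not_restricted = field_name not in RESTRICTED_FIELDS
    return in_privileged_group or not_restricted


def visible_fields(viewer_groups, profile):
    """Return only the fields this viewer would be shown."""
    return {name: value for name, value in profile.items()
            if field_visible(viewer_groups, name)}


def unguarded_fields(all_field_names, expected_private):
    """Audit helper (hypothetical): fields the site owner treats as private
    that exist on the site but are missing from the template's list.
    These are shown to every viewer."""
    present = set(expected_private) & set(all_field_names)
    return sorted(present - RESTRICTED_FIELDS)


if __name__ == "__main__":
    print("ordinary member (group 10):", visible_fields([10], PROFILE))
    print("member also in group 3:   ", visible_fields([10, 3], PROFILE))
    print("unguarded:", unguarded_fields(
        ["Callsign", "Latitude", "Some Private Field"],
        ["Latitude", "Some Private Field"]))
```

Running the audit whenever a custom profile field is added or renamed catches the case where the template's list has fallen out of step with the fields meant to be private.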
 