Insecure password + custom toolbar markup tag buttons

WPer
Posts: 1
Joined: 03.04.2008 12:25


Postby WPer » 03.04.2008 22:33

Just started using BlogDesk with Wordpress.com (nearly missed the (read) More tab when checking a previously published post) and it seems pretty good. I'm using SSL (port 443) with my blog and it works fine.

Well done Johannes.

I think opening it up (the source code) so that others could collaborate with Johannes would be a good thing. For example, adding code that would make it easier to add more translations, improve security etc.

One concern and a suggestion.

The login (username) and password for a blog must be stored in BlogDesk. An error occurs in BlogDesk if this information for a blog wasn't stored and you try to publish to that blog i.e. if these fields are left blank for a blog, BlogDesk doesn't prompt for input on a connection attempt, it just displays an error.

Being forced to store the password in particular is a concern as it is easy to crack the password in BlogDesk. This is because a basic Windows Edit control has been used with a password flag.

Perhaps a 'secure edit control' could be used instead.

In addition, I would like to see Password (or Login & Password) prompting on a connection attempt when this field(s) has been left blank.

My suggestion is for custom markup tag buttons that could be added to a toolbar. At the moment it appears to me that the only way to store and insert custom markup is to add a FUP.

Perhaps an interim solution is to change the FUP menu so it opens out like a menu item with an arrow/pointer beside it (I don't know the correct terminology for this), e.g. like 'New From Template >' or 'Open Blog in Browser... >' or 'Insert image >'

Best regards,
A WPer!

Johannes
BlogDesk
Posts: 553
Joined: 19.08.2005 20:29

Re: Insecure password + custom toolbar markup tag buttons

Postby Johannes » 03.04.2008 23:11

WPer wrote: Being forced to store the password in particular is a concern as it is easy to crack the password in BlogDesk. This is because a basic Windows Edit control has been used with a password flag.

To exploit this, one has to have physical access to your computer. In this case, you should worry about more than just your blog password. But you are right, I need to implement a password dialog for those who don't want to store it.

