This is CimmerianX. Why the move away from ID/PW and over to another 3rd party? Why the need for Dazah at all?

Sorry guys, but I won't use Dazah. Good Luck in your future endeavors.

Member Avatar

Bye CimmerianX.

> Why the move away from ID/PW

You can still log in with a username + password through Dazah.

This is AssertNull. I tried to log in under my account, but got a bad link for the password reset, so I had to create a new account using an alternate email. I normally wait a few days to post to give the new system a chance to work out the bugs that all new systems have. However, my particular comments are not bugs, so I'll post now. My post is intended as constructive criticism.

I try to keep my internet footprint fairly discreet for sites like this. In particular, I like to have the option to have account information, particularly the information available to the public, not automatically read in from my gmail account. Now I was informed as I registered that Dazah "would like" to read this information, so there is that transparency. However, I saw no option to opt out of this and still register. I registered and my full name was filled in in my profile automatically. I have changed this to "Fred Flintstone", but I much prefer to be able to "opt in" rather than change this information. What it means is that Daniweb knows my real name upon registering. Whether you kept my real name after I changed it is something I don't know. I hope you did not. I am not too concerned because Daniweb does not strike me as a site that would do anything nefarious with my personal information. That said, we've all been burned before and had an uptick in spam/targeted mail after registering at forums that abused or sold our personal information. So I reiterate that I would like to be able to "opt in" for this. I see no reason why Daniweb needed to extract anything (name, contacts, whatever) for registration. They need a valid email, obviously, but nothing else. I don't believe my original registration scanned my email account and auto-filled in my name. Again, I was informed that this would happen and clicked OK, but also again, I saw no way to register without giving permission for this.

As for the username, I was automatically assigned this based on my real first name. I tried to change this to AssertNull2 and it said it worked, but I still see my real first name as my user name. I'm not paranoid, but I don't wish to share this with the entire world if I can help it.

Finally, I logged out, then logged back in with one click of the "Log In" button without having to enter a username, email address, or password. I am the only one who uses this computer, but security-wise, this strikes me as bad. When I log out, I want to be logged OUT. I imagine if I cleared my cookies or cache or whatever, I'd have to re-enter my password, but I didn't have to do that before. I've never seen a secure site that did this.

As for Dazah, I don't know what that is. I joined Daniweb. Have I become a member of something else too?

Member Avatar

Sorry guys, but I won't use Dazah.

You can still log in with a username + password through Dazah.

Just to clarify, DaniWeb accounts were migrated into Dazah. However, only emails were migrated, not passwords, because legacy DaniWeb was still using vBulletin's old method of storing passwords as MD5 hashes in the database. I want to make things a lot more secure moving forward.