I'd rather leave the IP address in. If I get a lot of undeliverable email errors in my inbox from multiple users, but all from a single IP address, then I know where to look for a possible spam attack and I can add their IP address to my block list before an attack is launched...
The IP address in the notification email isn't for the end user, it's for me...
I think we're back to the "Me" vs. "User" position you always seem to take. <img border="0" title="" alt="[Roll Eyes]" src="images/icons/rolleyes.gif" />
You have missed my point again.
Regards, Tony S. www.chevyforums.org "The largest online Chevrolet enthusiast community in the world"
This allows a user who recieves the email, but did *not* register themselves, know that someone is trying to use their email address to register on some site and they now have this unknown user's IP address to track them down or inform their ISP that someone is trying to use their email information without their consent.
It's a security related precaution used often in such things as email verification of new accounts. This is not a bad thing at all. <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face=""> I think we're back to the "Me" vs. "User" position you always seem to take.
You have missed my point again <img border="0" title="" alt="[Roll Eyes]" src="images/icons/rolleyes.gif" /> </font><hr /></blockquote><font size="" face="">No, not at all. As JustDave pointed out, there are other securioty concerns involved with having the IP address in the email.
It also gets included in the email that lets you know when someone has requested your password via the password recovery option. Oh gee, there I go again thinking about myself instead of the user <img border="0" title="" alt="[Roll Eyes]" src="images/icons/rolleyes.gif" /> You really should read more of my posts before attempting to slam me with a lame generalazation. If you did you'd see that I've suggested many changes that benefitted my users, suggestions that are now a part of Threads...
ANY email that goes to a end user should be focused towards the end user, NOT the admin.
I deal with older Vets (60->80's) and some younger ones, the older guys dont have a clue about IPs, nor should I expect them too. The purpose of web design is to hide the internals in a human oriented design and interface (HCI).
Simple service and support really. The problem is that there is no way to customize the emails sent to end users unless you hunt and peck through the language files. For example, adding a custom company tagline to out going mail is important from a marketing and branding perspective.
With UBB this was a breeze, why this is not a current feature of UBBT I really dont understand, it should be. This is a GREAT board and FAST but needs some of UBBs finer points.
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Originally posted by Tony S.: I still think your looking at it from a techie perspective only. Regards, Tony S.</font><hr /></blockquote><font size="" face="">Dalantech...
Duh Local Area Network Tech...
Me, look at something from a techie perspective only?! <img border="0" title="" alt="[Razz]" src="images/icons/tongue.gif" /> <img border="0" title="" alt="[Big Grin]" src="images/icons/grin.gif" />
I do think that the welcome message needs some work (it is very unfriendly). But I do want to leave the IP address in the email, or at least have the option to leave it in.
Security is about making trade offs: How much security am I willing to give up to make things easier for my users? At what point am I sacrificing too much security for very little end user gain?
As a web master you're gonna lose: Users will complain that your security practices make your site irritating to use, until someone breaks into your site and wipes out all the data. Then they’ll complain that your security wasn't tight enough...
JustDave is correct: Having the IP address in the email kinda puts the people who know how to abuse your site on notice: It tells them that their IP address is being monitored. Seeing their IP address in the email won't necessarily stop someone from hacking, but not seeing it projects a false sense of security...
Leaving the IP also lets people know that you are tracking their usage, a problem for those of us that do not want to. For example government sites are prohibited from using them in most cases.
With the home land security hitting things up hard including the Cyber Security Enhancement Act, Poindexter wanting a national database on all US citizens, Libraries and Librarians being governed by the Patriot Act and numerous other privacy issues that have been lost lately I'll bet government sites WILL be tracking IP addresses. <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />
Not denying the need for security but tracking someone and letting them know how, why and the very fact that you are tracking them is not the best way.
A log should be used in place of the IP in the welcome emails or a seperate email to the admin for new registrations.
Back to my post on HCI, displaying them may be okay for your site but for most sites it is just ugly, security can be gained without the loss of the interface.
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Originally posted by ARMYOCS: ...For example government sites are prohibited from using them in most cases.
-Jason
SCOUTS OUT!</font><hr /></blockquote><font size="" face="">Sorry, I have to call you out on this one. As someone who works on DoD networks I can tell you that everything you do on a DoD net is monitored! In fact there is a warning message that is displayed on all DoD equipment, when you log in, that tells you that your activity is subject to monitoring...
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face=""> Let me qualify that I am no expert on security so please dont pay to much attention to me there.
I am more interested in the end user interface that is really rough here.
Sorry, dont want to get into a heavyweight discussion when I am a flyweight ;-)) </font><hr /></blockquote><font size="" face="">Did you miss this or do you selectively read?
I have been in for over 13 years now, hadnt really noticed the monitoring, glad you pointed it out too, way over my pay grade.... catching the sarcasm here?
The point is that broadcasting what you are doing is just plain foolish and is confusing to end users. Keep it hidden or dont keep it at all. Bad design + bad interface = crappy product. Why cant UBBT just have its rough edges rounded off like UBB? I am sure all these folks work in the same building.
Just a point, UBBT is for end users, not for admins, dump the IP or hide it.
I've had users write to me and say that they received the email of someone requesting their password.
They've given me that IP address.... and I've searched threads for it in posts etc... and we found who was screwing around trying to get into another users account.
So sometimes the IP address can help you nail down a troublemaker. <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />
First, yes I agree that the initial email that's sent to a new user could use some smoothing out.
Second, I believe the user recieving the email needs to have some sort of means to protect themselves from identity theft such as including the IP address.
Perhaps, if the message did not contian the IP address but that the email itself was assigned a specific ID number with a notice that they can get the IP number of the person attempting to use this email address if it is not them.
Then, the email ID would be stored along with the IP address and any other information taken in at signup untill the new user logs in or the information is purged after a set time.
I originally brought this up to address the welcome email "wording content". But it has picked up some interesting comments. Sorry for the rant again.
I still don't see how security is an issue. I hope that if you have the option of requiring unique email addresses set to on the system will not allow more than one email to request access to the account of another. That's the security that should be deployed. Period.
If the email address registering is not on file and the username does not exist the new username and password gets sent to the person requesting it. Done deal.
The other issue of an existing member requesting a forgotten password is actually the one that should require a redesign. If the person requesting the password for a username includes an email address thats not on record for the username simply deny the request as "email address is not on file for that username" . Done deal.
The fact that it goes through the motion of sending the existing member notification that an IP address has requested their password is dull.
The responsibility for password security should be the site owners NOT the user community. All this should be done under the hood and away from the user.
A text box or template to allow admins to structure the content of the welcome note would be a great addition for future releases. <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />
Regards, Tony S. www.chevyforums.org "The largest online Chevrolet enthusiast community in the world"
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Originally posted by Dave_L: I doubt if there's any choice of defaults that would make everyone happy.
My preference would be to have all the email texts in a single file, so they can be easily customized.</font><hr /></blockquote><font size="" face=""><img border="0" title="" alt="[Big Grin]" src="images/icons/grin.gif" />
We seem to have two camps here with one thing in common: We all agree that the email wording needs to be more end user friendly. My only point (and hopefully my last post in this thread) is that the IP address info should be an option, and not something that's cut out completely.
Yes, security is the responcibility of the person(s) running the site, not the end user. I see the IP address in the email as a necessary security feature (but then again, I'm a network engineer who deals with computer security). If you don't, then that's OK. If we ever get the option to disable it then you are more than welcome to turn it off.
Learn a little PHP scripting and you could probably hack it out of Threads right now...
I agree with most of the comments here, but the underlying thing is..
These emails NEED to be customisable.. also the welcome private message that is sent to the user when registered doesnt appear to be changable (or if it is, I have no idea how), and that message is very basic and impolite.
Anything that is sent to a user or admin needs to be changable I think.
