dumb drupal question
Is it now relatively easy perchance to install drupal
via one of those hosted accounts (where one's capabilities
tend to be pretty restricted and they tend to assume any
thing that needs to be done can be done via cpanel)? It was once
the case that drupal was seriously on the outs with cpanel.
I hope that has changed?
I'm thinking of getting back in the web site business
to promote select issues in my corner of the jungle especially since I got kicked off of my "own" mailing list! (Ok they couldn't really evict me when I owned the account housing the list since only I could remove addresses, but in the interests of democracy I decided to go along with the group's decision which was basically that the really talkative people should shut up. Democracy can be a pain when it doesn't go your way :-) Seriously tho it just takes one of those "I cannot tolerate any 'nonessential' messages" types to completely chill off a list in my experience. I've seen many a technical mailing list get sunk by one or two of the 'signal-to-noise' or "off-topic" chronic dampeners. It is very unlikely in my experience that a mailing list won't just plain die once even just one person of stature puts out the "stifle it" message.
Which is probably why people invented forums :-) What is good about a mailing list is potentially limiting it to the right
people eg if one wants to cover workplace issues and not have
management reading along. I have yet to see a really good way
to implement this as a forum without having people apply and
be approved to have accounts which they have to log in to and
all that... Am I missing any developments in that area?
Well, how else to confirm
Well, how else to confirm someone's identity? I think I'm not understanding the question.
limit something to members
How else to confirm? Well it'd be either some shared secret like a password or something the
potential forum user has like a fingerprint,
and/or x.509 certificate, generated credential from a token
device. Authentication is a 2 way street too, not only
does the user need to authenticate to the web site but
vice-versa. Many schemes have been devised for this:
http://www.entrust.com/strong-authentication/mutual-authentication/metho...
A typical way to handle this now would be:
A union has a web site and by default the members can't login to it. They have to request a login based on their name
and local they give an email address. (Which does not verify their identity. Someone else could claim to be that person.)
If accepted the website either creates a login with a
temporary password or sends the id,password to the user
in email. [Either way it is insecure.] This system has a lot of problems and most of all it ends up with few union members having accounts (for which they could actually produce the id and password and login). This system is
insecure in every regard combined with low participation.
For that reason another way to do things would be very useful.
One way to do it would be for a high level union entity example to run its own certificate authority and issue x.509 certificates to union members. (This is not necessarily rock solid security. Even commercial certificate entities tend to distribute certificates in plain text emails. And if that email is sent to your work account or other questionable location, that's not very good! Another way to go would be for every union member to get an email address (and password ( in some grand unified union email system. That could act as a single signon system to individual resources.But this would mean that say any local would have to trust the operations of a higher entity and that is a big stretch :-)
This could only work if the email assigning entity were independent and beyond reproach and temptation to meddle.