removing personal information
With respect to:
A member can change or remove their personal information at any time. Removing this information terminates membership in sasCommunity.org. Please be aware that any information you remove may still be viewable in archived or cached pages.
not sure I understand this comment. The only personal information we currently collect are:
- Real Name
- Email Address
- Nick Name
Email Address is required, but I don't think it is exposed to the user. I tested removing my Real Name and there was no impact. So how does removing this information terminate their memembership?
There is also a mention of only administors have access, but it it not clear what it is in reference to. The sentence implies personal information, but it seems to be referring to email address. If we are going to use the term personal information we need to define it better.
--Donh 00:10, 14 March 2007 (EDT)
Paul Grant proposes adding "Members have the option of making their email address available publicly on sasCommunity.org so other users can send them email."
I am not sure where this came from, but it does not correspond to the way that the Wiki works on sasCommunity.org. Unless the user actually places their email address on a page, there is no disclosure of their email address. In the preferences for each user, there is an option Enable e-mail from other users. If this option is checked (which we recommend) then other users can send them email through the website, but this does not reveal either users actual email address.
--Statprof 22:03, 12 March 2007 (EDT)
passwords in plain text
Firefox gave a warning as I was entering my userid and password that they were to be sent in plain text. I would hope that this can be changed when this becomes productional.
passwords in plain text
If you can find a mod to MediaWiki to provide this functionality, we would consider it. Snooping for passwords used to be a significant problem, but many computer connections are through switches making this a significantly harder task these days. We note that the Wikipedia site  does not do SSH connections for its login page and it appears to have not been a problem in that much larger community. Making the entire site accessible only via SSH would probably be cost prohibitive.
--Statprof 11:38, 13 March 2007 (EDT)
DonH's suggestions addressed