I'm sure you're a trustworthy guy and I can see a bunch of posts from you, but I'm concerned about security (as you are). In a way, what you're doing needs the same security as banking sites. So...
1. Will you be storing passwords in clear or as salted hashes?
2. 2-factor ID: Think you can get Last Pass or Yubikey working on your site?
I hope I don't come off as paranoid, but what you're doing *will* catch on, and if someone hacks you (silently) all those fractions of bitcoins from donations will become a pretty bitpenny :p for someone.
I fully intend to sign up as soon as you can convince my fluttering nerves that my (prolly non-existent) donations will be safe, and prevent me from swooning.
1. I use django's auth module, which uses salted hash passwords. See https://docs.djangoproject.com/en/dev/topics/auth/
2. I have a plan for 2-factor ID, but wasn't planning on integrating Last Pass or Yubikey (not in the current plan). I was thinking more along the lines of allowing users to "lock" their page; the only way to change it is to unlock it, and the only way to unlock it is through additional authentication. The easiest implementation would be to email the user an "unlock key" to the email address that I have on file, that's good for an hour. Not exactly 2-factor authentication - more like double security with 1-factor - requiring the hacker to have guessed the password on my system, as well as hacking the user's email system.
There are several weaknesses in the security right now, but #1 above isn't one of them. Basically, you need to trust:
- me (I can be lying, above. I may actually store the passwords in plaintext and post them on a bulletin board in Times Square. You just don't know. Also, I can change your wallet ID at any time, regardless of how I store passwords; it's just a SQL database!)
- the security of my system (if someone hacks my database, or physically hacks the system in person, no matter what measures I have in place for user security, all bets are off)
- the security measures I put in place (such as my plan on #2)
- A bunch of stuff between you and me - network / middle men.
- Basic user security (do you have a good password, for instance? I have few requirements here.)
Right now, there are many potential attack vectors, and no system is perfect. But if the system gets popular, you can bet I'll be adding additional layers.
Without providing a roadmap for hackers, I can tell you that it's not a perfect system now. I'll be taking steps that I feel are appropriate based on the popularity of the service. The ones that come to mind immediately are:
- Account Lock-out on too many bad passwords
- "locking" mechanism mentioned above
- notification of users when their page changes
- random verification of pages from an external source (to monitor for unexpected changes)
There are a lot of people (including you) who put their Wallet ID in the signature of their posts. These people are essentially trusting the forum managers, the forum software itself, the server that the software is running on, etc. It seems a hacker could come in and change all those IDs to their own, and no one would notice.
I'm thinking that I need to manage security so that I stay at least a step ahead of forum signatures. I am not aiming for "bank level security" at this point. I do know something about security, as I have consulted with Fortune 500 companies on their system security, have given numerous presentations and papers on system security, and even acted as an expert witness in a reasonably highly publicized court case regarding matters of security. One paper that I co-authored is (last time I checked) a footnote in a Wikipedia security-related article (on phishing for passwords, of all things!)
So I hope you find this somewhat comforting.
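The two mechanisms the reply above sketches, an emailed "unlock key" that is good for an hour and a lock-out after too many bad passwords, as an added example written for this thread. It is not the site's own code (the site uses Django's auth module; this is plain Python standing in for it), and the key format, the names `issue_unlock_key`, `verify_unlock_key` and `LoginThrottle`, the thresholds, and `SERVER_SECRET` are all assumptions. The key carries an HMAC over its own fields, so the server stores nothing per key, and the verifier also rejects a key that has already been redeemed, so a copy that leaks from the user's mailbox cannot be replayed:

```python
import hashlib
import hmac
import secrets

# Assumptions for this example: a server-side secret kept out of the database
# (here generated at import time; in a real deployment it is loaded from config),
# a one-hour lifetime as the post describes, and user IDs that contain no ':'.
SERVER_SECRET = secrets.token_bytes(32)
UNLOCK_TTL = 3600  # seconds; "good for an hour"


def issue_unlock_key(user_id: str, now: int) -> str:
    """Return a key of the form 'user:expires:nonce:tag' to be emailed to the user.

    The tag is an HMAC-SHA256 over the other three fields, so a key whose
    expiry or user has been edited fails to verify without any server-side state.
    """
    expires = now + UNLOCK_TTL
    nonce = secrets.token_hex(8)
    body = f"{user_id}:{expires}:{nonce}"
    tag = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


def verify_unlock_key(key: str, user_id: str, used_nonces: set, now: int) -> bool:
    """Accept the key only if its MAC is valid, it was issued for this user,
    it has not expired, and it has not been redeemed before (single use)."""
    parts = key.split(":")
    if len(parts) != 4:
        return False
    uid, expires, nonce, tag = parts
    body = f"{uid}:{expires}:{nonce}"
    expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forger gets no timing signal on the tag.
    if not hmac.compare_digest(expected, tag):
        return False
    if uid != user_id or not expires.isdigit() or now > int(expires):
        return False
    if nonce in used_nonces:
        return False
    used_nonces.add(nonce)  # in a real deployment this set lives in the database
    return True


class LoginThrottle:
    """Lock an account after too many bad passwords (first item on the post's list).

    The threshold and lock duration are assumptions for this example.
    """

    def __init__(self, max_failures: int = 5, lock_seconds: int = 900):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._failures = {}      # user -> consecutive bad passwords
        self._locked_until = {}  # user -> unix time at which the lock expires

    def is_locked(self, user: str, now: int) -> bool:
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user: str, now: int) -> bool:
        """Count a bad password. Return True if the account is locked after this attempt."""
        if self.is_locked(user, now):
            return True
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            self._failures[user] = 0
            return True
        return False

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


if __name__ == "__main__":
    import time

    now = int(time.time())
    redeemed = set()
    key = issue_unlock_key("alice", now)
    print("fresh key accepted:", verify_unlock_key(key, "alice", redeemed, now + 60))
    print("same key replayed:", verify_unlock_key(key, "alice", redeemed, now + 61))
    print("key after an hour:", verify_unlock_key(key, "alice", set(), now + UNLOCK_TTL + 1))
```

One caveat worth keeping in mind with the lock-out: because anyone who knows a username can trigger it by sending wrong passwords, it doubles as a way to lock a victim out, which is why the example keeps the lock temporary rather than permanent.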