charmian: a snowy owl (Default)
charmian ([personal profile] charmian) wrote in [site community profile] dw_suggestions2009-10-15 10:12 am

Password Protection Option

Title:
Password Protection Option

Area:
Security

Summary:
A new level of security, password protection, could be created. It would be similar to the <a href="http://en.wordpress.com/features/password-protected-posts/">Wordpress feature,</a> where viewers must enter a password in order to see a post.

Description:
Sometimes, users might want someone who doesn't have a Dreamwidth account to see a post. This person might have a low level of internet know-how, or not want to go through the trouble of using openID to simply see one post. (Or, it could be a group of persons, meaning that it might be inconvenient to add them all)

Or, if this person has a Dreamwidth or openID account, the user might not want to grant them access because it would mean that they could see all of the user's access-locked posts on the Default Access List level of security.

In terms of feeds or crossposts, the post would be replaced with a link to the Dreamwidth entry (since LJ doesn't allow for passwording). Comments would also not be visible.

In terms of the posting interface, I think it could be placed under security options after Custom Filters. If selected, there would appear a box where the poster could type in the password. Password-protected posts would be public (I'm not sure there is much use in them being Access-locked).

Poll #1498 Password Protection Option
Open to: Registered Users, detailed results viewable to: All, participants: 40


This suggestion:

View Answers

Should be implemented as-is.
10 (25.0%)

Should be implemented with changes. (please comment)
6 (15.0%)

Shouldn't be implemented.
12 (30.0%)

(I have no opinion)
12 (30.0%)

(Other: please comment)
0 (0.0%)

zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-10-20 01:24 am (UTC)(link)
If we do this, the level of security should not be public. (The whole point of having locked entries is that people who can't see them don't see evidence that they're there.)

Also, I would want to be able to set the password either per-entry or per tag, so that giving someone access to one password-protected entry wouldn't open up any other password-protected entries to them.
cheyinka: A sketch of a Metroid (Default)

[personal profile] cheyinka 2009-10-20 02:01 am (UTC)(link)
They'd have to be public in order for this to work as "access-lock for people I don't want to see my default access entries" or "access-lock for people who I don't want to be visible on my profile" or "access-lock for people who can't set up a Dreamwidth", though.

(I am not advocating this suggestion be implemented, just pointing that out.)
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-10-20 03:27 am (UTC)(link)
Maybe we're talking about two different things when we're talking about the entry being public or not. My idea is that you wouldn't be able to discover this password-protected entry: it wouldn't post to anyone's reading list, it wouldn't show up on the calendar, it wouldn't be in the flow of entries if you're going backward or forward through entries. (Only the reading list hiding should apply to the owner of the entry.)

If someone wanted you to read the entry, you would have to get a direct url, and then the entry would request the user name and password.

If possible (and this might be a gigantic database of info that is just not worth keeping, but it would be really cool) if a logged in user opened an entry with a password, they should be able to go back to the entry while logged in without re-entering a password, through multiple sessions, at least until the entry is changed in some way (ideally, until the password is changed, but it might be easier/cheaper to just watch for any change.)
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-10-20 03:38 am (UTC)(link)
not a username. I typed it w/o thinking, because it's astock phrase in my head.
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-10-22 01:20 am (UTC)(link)
Disagree with this--sure, it could be an option to hide it that much, but I'd want such entries to appear in my RSS marked as "password protected" (I'd also like some way of pinging RSS readers and aggregators that don't use auth=digest as well) as that's where a fair few readers come from.

There's no point, to me, in having an easier way to have non-site users get to an entry then make it impossible for them to find it. This would be especially true of some older family members who might just possibly remember to check a URL, etc.
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2009-10-20 03:00 am (UTC)(link)
Allow the user to specify whether it's public-with-password or private-with-password (anyone can see it exists or no one can see it exists, but either way a person linked directly to the post may input the password and see it), on a per-post basis. Specify the password on a per-post basis also. This way, people who want the Wordpress-like feature can have it, but also someone can choose to make a post and then email the links to people.

Really, REALLY sweet: allow to specify an access list plus password, and set existence-of-post public or private. People on the access list can see the post normally; those not on it can either see it exists or not based on that setting; those not on the list, given a link to the post (either because they see it exists or a direct link is sent) can give the password and see the post. This would allow you to invite into your access-list-locked discussion people who might otherwise not see it.

Allow a password to be added to an access list. I have an access list called "Mommy" for my, well, mommying posts. Let me add a password to it as if it were an account, and anyone who supplies that password can see any post with that security. That would be cool. That may be too complex to do, though, but it would be cool.
Edited 2009-10-20 03:04 (UTC)
distractionary: apple in foreground, out-of-focus bridge in background. (Purple.) (Default)

[personal profile] distractionary 2009-10-20 02:01 pm (UTC)(link)
+1
elena: Integra Hellsing closeup (integral closeup)

[personal profile] elena 2009-10-21 06:22 am (UTC)(link)
That would be a great way to implement this feature.
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2009-10-21 01:01 pm (UTC)(link)
One more thought - if the posts are not public-visible/discoverable, it'd be nice if putting the password in at the journal level revealed all the posts with that password (which means supplying some way, perhaps via a link or button, to put in the password). No need to remember 2+ passwords per reader per journal, IMO, but the most recent one would be nice.
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-10-22 01:16 am (UTC)(link)
I would actually really like this option--a lot of my readers (and even more of [personal profile] miss_s_b's) are non LJ/DW users unfamiliar with OpenID or LJ tricks.

We would both definitely want the entry to appear in the RSS feed, for example, as a lot of our readers come to us from an aggregator. How often it'd be used I don't know, but it could definitely be very useful.