
Custom Application

A Pyramid-based OpenID solution

Six Feet Up architected and implemented an OpenID solution based on the Python web framework Pyramid, using solid open-source tools such as PostgreSQL, Twitter Bootstrap and PassLib.

Six Feet Up's OpenID solution helps defeat brute-force attacks by deliberately increasing the time it takes to authenticate users and passwords.

The new system also boasts a brand new UI aimed at providing both admin and end-users with a faster, more intuitive and more modern experience. For instance, admin users can manage users and user access more easily with the new implementation.

OpenID Home Screen - SpeakFriend

Usability and Features

The OpenID solution allows users to:

  • Look up information through a full-text search bar (previously, searches had to target specific fields)
  • Disable users right from the user list (vs. from the profile page)
  • Prompt password reset from the user list
  • Review stats on last login, account creation, etc.
  • Review and manage the domains included in the OpenID implementation via a Domain management interface
  • Use various reporting tools and send the data to Excel
  • Leverage an admin control panel to create variables (e.g. who can receive email sent to the "contact us" form, the maximum number of login attempts before access is disabled, how long the password reset link is valid for, etc.)

In addition, end-users can now:

  • Enjoy the same password strength security as in Dropbox, thanks to a widget that measures the entropy of the characters in the password and rates it in a toolbar in real-time
  • Get redirected to the main Plone site immediately after registering an account
  • Get their previously-stored password hashes automatically updated to current best practices thanks to "PassLib"
  • Check a "remember me" box on the sign in page

"Working with Six Feet Up has been a pleasure. They replaced our OpenID system with a modern implementation and seamlessly integrated it with our other websites. This allowed us to improve the security of the application with little to no impact on the users and provided us with a solid foundation for us to build on in the future." - Chris Fleisch, Programmer/Analyst at Simons Foundation

Performance

From a performance standpoint, the new OpenID implementation offers record stats, with views logging response times under 20 milliseconds. The only view that takes longer than this is the actual login form, which is by design: hashing users' passwords is deliberately slow in order to mitigate automated brute-force attacks.
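The deliberately slow login hash and the automatic upgrade of previously stored hashes follow a common verify-then-rehash pattern. The sketch below is an added example, not Six Feet Up's code and not PassLib itself: it uses only the Python standard library as a stand-in, and the record formats, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy value for illustration; the page does not state one.
CURRENT_ITERATIONS = 200_000

def hash_password(password, iterations=CURRENT_ITERATIONS):
    """Slow hash under current policy: 'pbkdf2_sha256$iters$salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def legacy_hash(password, salt):
    """Constructed legacy record: one fast salted SHA-1, 'sha1$salt_hex$digest_hex'."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def verify_and_update(password, stored):
    """Return (ok, new_hash). new_hash is set only when the password is
    correct and the stored record falls below current policy, so the
    caller can overwrite the old record at login time."""
    parts = stored.split("$")
    if parts[0] == "sha1" and len(parts) == 3:
        salt = bytes.fromhex(parts[1])
        candidate = hashlib.sha1(salt + password.encode()).hexdigest()
        ok = hmac.compare_digest(candidate, parts[2])  # constant-time compare
        outdated = True  # legacy scheme is always upgraded
    elif parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, iterations).hex()
        ok = hmac.compare_digest(candidate, parts[3])
        outdated = iterations < CURRENT_ITERATIONS  # cost raised since stored
    else:
        return False, None  # unknown scheme: reject rather than guess
    return ok, (hash_password(password) if ok and outdated else None)
```

The upgrade can only happen at login because that is the one moment the server holds the plaintext password; accounts that never log in keep their old records until a reset.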

OpenID Domain Management - SpeakFriend

Security

Security was also greatly improved in this new OpenID implementation: when new accounts are created, admins are automatically notified by email. And when users make changes to their profiles, they also receive an automated confirmation email, which can be highly customized.

OpenID Users - SpeakFriend
