Introducing Boink: the “good enough” security challenge
I've been using Tumblr for a while. I like the simplicity of the platform, the ability to aggregate out posts to social network sites & the fact that I can easily download all the content out via the API. The problem is it doesn't have a lot of security or access control features.
Now, I don't want a full blown username/password type of a security. I only wanted for people to prove that they ‘kinda’ know me in real life by asking a private question like what is my daughter's name. A good enough security measure.
See it in action on my personal photo blog: Kucing Nyasar
What it doesn't do
- it doesn't stop hackers (or html/js savvy people) from getting in. It's just a ‘good enough’ security measure.
- it doesn't protect the information of the webpage securely.
- (right now) it doesn't even protect the secret answer securely. On the next release, instead of storing the secret answer as plain text, it will require the admin to specify an md5 hash of the secret answer instead. Feel free to help out implementing this.
How to get it
You can also find the road map.