Security checks out … and so does Ben


Our security is tighter than this

Originally posted at Patreon

From login to data entry, security touches every aspect of a web app. But by nature, security is picky.

Until recently, we didn’t dare log out of version 2 beta because the new secure login screen wasn’t fully developed. But it happened anyway. And in spite of being an avid 1Password user, I neglected to jot down my login credentials. Oops.

While hacking my way back in, I hit several intentional obstacles.

  • Passwords cannot be recovered, only changed. Once encrypted, they’re encrypted for good.

  • The system scans bits of information that I create, like character bios and blog posts, even if I had already given my username and password.

  • Future versions of the Grawlix CMS will not display errors, hiding sensitive “here’s how it should work” information.

So I faced a blank page and an identity challenge at every turn. Luckily I had full access to the database, and got back in with a new user and a fresh password — one reason databases have their own logins.

Security is tight by necessity, and we’re taking steps to make sure that only artists who own their site can get in — provided they don’t pull a Ben.

Anyone can read the blog, but patrons get inside info. Support our project!