SteveT
Member of DD Central
Posts: 6,875 
Likes: 7,924
|
Post by SteveT on Apr 12, 2016 7:54:16 GMT
|
|
|
|
Post by chris on Apr 12, 2016 7:55:32 GMT
It's actually on the schedule for today! Mark is building it.
|
|
SteveT
Member of DD Central
Posts: 6,875
Likes: 7,924
|
Post by SteveT on Apr 12, 2016 9:16:43 GMT
It's actually on the schedule for today! Mark is building it. Great, thanks Mark! Any chance you could also add a "Show All" (or "Show 200") option in the Live Loans display drop-down? Now that there are 137 loans, it's annoying only to be able to see 100 on a page.
|
|
ianj
Member of DD Central
Posts: 656
Likes: 520
|
Post by ianj on Apr 12, 2016 10:14:46 GMT
Any chance you could also add a "Show All" (or "Show 200") option in the Live Loans display drop-down? Now that there are 137 loans, it's annoying only to be able to see 100 on a page. And allow the 'increased' selection to be 'remembered' and not, most annoyingly, always revert to 50!
|
|
warn
Member of DD Central
Curmudgeon
Posts: 638
Likes: 659
|
Post by warn on Apr 12, 2016 12:09:54 GMT
Hi chris, any idea when we might see the "Maintain target on amortising loans" feature you offered to restore a few months back? |
|
ianj
Member of DD Central
Posts: 656
Likes: 520
|
Post by ianj on Apr 20, 2016 13:38:16 GMT
Hi chris , any idea when we might see the "Maintain target on amortising loans" feature you offered to restore a few months back? Would it be an act of supreme optimism to suggest it might be implemented in tomorrows maintenance slot?    Of course it would! 
|
|
bg
Member of DD Central
Posts: 1,368
Likes: 1,929
|
Post by bg on Apr 22, 2016 16:00:02 GMT
My suggestions for improvement are as follows:-
1) on on the dashboard page stopping it from coming up with £0.00 in the pop up when you select invest or withdraw. It's incredibly irritating (especially on an ipad) when you click the box but then have to delete what's in there (so you don't buy £0.500000 when you meant to buy £5000, depending on where the cursor turns up)
2) in the QAA summary box have a total amount invested so I don't have to add my direct and indirect investments together
3) have a 'sell all' option when selling a loan so I don't have to go back and write on a bit of paper £13.864.34 so I know the amount to sell when exiting a loan
4) have an earnings summary (similar to Fanny Schmeler) so we can easily track our lifetime earnings (I do get a sense of satisfaction as this ticks up)
|
|
|
|
Post by profunder on Apr 22, 2016 17:42:59 GMT
On number 3 just enter a sell for £1 million pounds and cancel the order once all sold.
|
|
DiQ
Member of DD Central
Posts: 61
Likes: 48
|
Post by DiQ on Apr 27, 2016 10:18:42 GMT
Can I suggest an improved method of dealing with the Security Questions on the Profile page.
Having them displayed in plain text as they are at the moment doesn't strike me as being very secure. For example a bank wouldn't display them like this, they'd just provide the option to change them.
|
|
|
|
Post by eascogo on Apr 27, 2016 23:42:09 GMT
Can I suggest an improved method of dealing with the Security Questions on the Profile page. Having them displayed in plain text as they are at the moment doesn't strike me as being very secure. For example a bank wouldn't display them like this, they'd just provide the option to change them. Thanks for pointing this out. I hadn't noticed that before. Seeing such information displayed raises security concerns. Not only are the three security questions spelled out but so are the answers to them. At the very least I would want the answers not to be visible and, further, to be hidden from anyone via encryption. Is this not current practice in the banking sector? Do other forumites echo these concerns?
|
|
Mike
Member of DD Central
Posts: 651
Likes: 446
|
Post by Mike on Apr 28, 2016 1:40:10 GMT
... At the very least I would want the answers not to be visible and, further, to be hidden from anyone via encryption. Is this not current practice in the banking sector? Do other forumites echo these concerns? That profile page is delivered to me securely. Whether or not you can see what is typed in the field is irrelevant so far as encryption goes. So far as the unmasked nature of the answers, well this only becomes an issue if someone unscrupulous happens to be peeking over your shoulder while you edit your profile...
|
|
DiQ
Member of DD Central
Posts: 61
Likes: 48
|
Post by DiQ on Apr 28, 2016 13:28:48 GMT
... At the very least I would want the answers not to be visible and, further, to be hidden from anyone via encryption. Is this not current practice in the banking sector? Do other forumites echo these concerns? That profile page is delivered to me securely. Whether or not you can see what is typed in the field is irrelevant so far as encryption goes. So far as the unmasked nature of the answers, well this only becomes an issue if someone unscrupulous happens to be peeking over your shoulder while you edit your profile... That's not correct. The answers should be kept in an encrypted state at all times, only the encrypted hashes should be stored never the plain text. If the page is showing you plain text then it's not encrypted and it's not secure. This needs to be changed
|
|
Mike
Member of DD Central
Posts: 651
Likes: 446
|
Post by Mike on Apr 28, 2016 14:13:51 GMT
That profile page is delivered to me securely. Whether or not you can see what is typed in the field is irrelevant so far as encryption goes. So far as the unmasked nature of the answers, well this only becomes an issue if someone unscrupulous happens to be peeking over your shoulder while you edit your profile... That's not correct. The answers should be kept in an encrypted state at all times, only the encrypted hashes should be stored never the plain text. If the page is showing you plain text then it's not encrypted and it's not secure. This needs to be changed Jah you are right, my apologies for misunderstanding the post.
|
|
investibod
Member of DD Central
Posts: 288
Likes: 152
|
Post by investibod on Apr 28, 2016 15:50:04 GMT
That's not correct. The answers should be kept in an encrypted state at all times, only the encrypted hashes should be stored never the plain text. If the page is showing you plain text then it's not encrypted and it's not secure. This needs to be changed Jah you are right, my apologies for misunderstanding the post. Yes, that must be true. When I first registered I made a typo when creating one of the security responces. I was of course unable to log in, so phone Assetz for help. Once I had confirmed my identity, including giving the other 2 security answers and what I had intended to type for the first, the person on the phone told my what I had actually typed and corrected it for me. In order to have done this, they must had access to the unencrypted answers. I did not think of this as a security concern at the time, but with hindsight it is not best practice.
|
|
DiQ
Member of DD Central
Posts: 61
Likes: 48
|
Post by DiQ on Apr 29, 2016 9:22:21 GMT
Jah you are right, my apologies for misunderstanding the post. Yes, that must be true. When I first registered I made a typo when creating one of the security responses. I was of course unable to log in, so phone Assetz for help. Once I had confirmed my identity, including giving the other 2 security answers and what I had intended to type for the first, the person on the phone told my what I had actually typed and corrected it for me. In order to have done this, they must had access to the unencrypted answers. I did not think of this as a security concern at the time, but with hindsight it is not best practice. Again I'm going to have to disagree. Computer / online security is done in layers with the idea that if one layer fails the next will protect. In this situation we have a layer that provides next to no security. Not only is this useless as a security layer but I believe it to be detrimental, having the possibility of working against your general online security. How many other sites of any type ask these questions? Favorite colour and memorable date are extremely common and if they're not secured properly here they could be used to add to an attacker's profile of you. This needs attention.
|
|
Of course it would! 
