Previous Thread
Next Thread
Print Thread
Rate Thread
#190650 03/20/2002 2:07 PM
Joined: Mar 2001
Posts: 117
Member
Member
Offline
Joined: Mar 2001
Posts: 117
can anyone encrypt the passwords when stored in the 00000xxx.cgi files?

Sponsored Links
#190651 03/20/2002 2:35 PM
Joined: Sep 2001
Posts: 170
Member
Member
Offline
Joined: Sep 2001
Posts: 170
Why would you want this? I understand some admins don't think its right to be able to see users passwords, but they are warned we can when they register.

In my view, I payed for the board, I work hard to maintain it and constantly upgrade it, so Its my board. I feel have the right to look at any and all information on my board, if the user is uncomfortable with that then they need to stay off my board.

#190652 03/20/2002 4:14 PM
Joined: May 2001
Posts: 10
Junior Member
Junior Member
Offline
Joined: May 2001
Posts: 10
But for securtiy is better the passes are crypted.
I think its a big security hole that the passes are stored uncrypted. And why a admin must read the user passes?
bye
Erkman

#190653 03/21/2002 12:25 AM
Joined: Apr 2001
Posts: 73
Member
Member
Offline
Joined: Apr 2001
Posts: 73
The actual passwords have to be stored somewhere. What if for some reason you NEED to get someone's pass, but can't because it's encrypted? Plus where would the the passwords be stored?

#190654 03/21/2002 1:15 AM
Joined: Mar 2001
Posts: 117
Member
Member
Offline
Joined: Mar 2001
Posts: 117
Assume that it's ok to see the password if I am an Admin.

Assume that someone other than has the admin has stolen the user database files (00000xxx.cgi)

Assume that there is a way for the admin to set a PGP key (or whatever other customizable encryption method which only the admin knows)

Assume that the user passwords are encrypt in this way.

Then

The guy who stole the user database files cannot know the password.

Just for safety reason...

Sponsored Links
#190655 03/30/2002 12:14 AM
Joined: Jun 2000
Posts: 150
Member
Member
Offline
Joined: Jun 2000
Posts: 150
if you just moved your members files to a place where they are inaccessable to the web, but accessable to your site, IE, above web root, then you are fine.

plus if you are encrypting the passwords then you need to be able to decrypt them in may different places too.

#190656 03/30/2002 9:49 AM
Joined: Mar 2002
Posts: 8
Junior Member
Junior Member
Offline
Joined: Mar 2002
Posts: 8
its very well possible to make it use crypted passes, vbb does that too.
but, if u have encrypted passwords, u can still fake cookies and get into their account

#190657 04/02/2002 4:19 AM
Joined: Jun 2000
Posts: 150
Member
Member
Offline
Joined: Jun 2000
Posts: 150
yeah vbb has it
but php has a nice fast encode and decode function that it uses for the passwords.

no reason to slow down a perla/4.ed board any more then it needs to be.


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Bill B
Bill B
Issaquah, WA
Posts: 87
Joined: December 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)