|
|
|
|
Joined: Apr 2001
Posts: 11
Power User
|
|
Power User
Joined: Apr 2001
Posts: 11 |
I noticed in the 6.0 modifictaions that a new authentication system is in use. Previously it stored username/password but now stores user_number/unique_hash.
Is there a reason for this and how could my current 5.4 system be less secure.
My original w3threads licence has expired, should I consider renewing and getting the 6.0
I run it with sessions.
Thanks,
--<br>Roger
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
For ~$32/year for your download privileges renewal, I can't think of a better investment  I kick myself everytime that I think about missing out on a threads license before IP bought them
|
|
|
|
|
Joined: May 1999
Posts: 3,039
Guru
|
|
Guru
Joined: May 1999
Posts: 3,039 |
The old system stored the encrypted password in the cookie and because of this it had to authenticate against this as well. So, if someone looked at the db, they could actually login with your encrypted password. Also, we will be moving to referencing everything by user number internally to make things easier for future modifications so this was one change that needed to be done for this.
UBB.threads Developer
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 808
Joined: July 2001
|
|
|
Forums63
Topics37,575
Posts293,932
Members13,824
| |
Most Online6,139
Sep 21st, 2024
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|
|
