UBB.Developers Forums UBB.classic V6.4 - 6.7 Modifications V6 Mod Ideas Question bout security

Is there any hack that added "current password" and "confirm password" in update/view profile section ?

:rolleyes:
So, for anyone who want change his/her password, must enter the current password.

For increasing security, you know sometimes I left the forum WITHOUT logout in cafe.
Nah, If somebody changes my password I'm dead meat......

Ok, you requested the feature and then dont want it? Well someone should do it anyways.

?????
I... didn't request that feature ??? ?????

I did request and want that feature.

[ April 14, 2001 12:23 PM: Message edited by: kyo ]

Oh yeah, another security hole i found:

There is no automatic logoff for forum, unlike I login into cp.

I leaving it about for 20 or 25 minutes, the forum cookies is cleared. But I don't find this on UBB ver 6.01 (except login for the CP, it has auto-expired, but not forum login !)

[ April 14, 2001 12:26 PM: Message edited by: kyo ]

This makes no sense at all....

Hello ?

(Did somebody experienced the same problem as me ? Or just me only ?)

I think kyo's suggestion to have a password field to type in current password would be good if users want to change password in the edit profile page.

Basically I think what he's saying is that he visits here from a public computer, and unless he specifically logs out, anyone could get in and change his password, without actually having to know it.