UBB.Dev
Posted By: q_ware Password Encryption - 03/20/2002 9:07 PM
can anyone encrypt the passwords when stored in the 00000xxx.cgi files?
Posted By: MrStormyNights Re: Password Encryption - 03/20/2002 9:35 PM
Why would you want this? I understand some admins don't think its right to be able to see users passwords, but they are warned we can when they register.

In my view, I payed for the board, I work hard to maintain it and constantly upgrade it, so Its my board. I feel have the right to look at any and all information on my board, if the user is uncomfortable with that then they need to stay off my board.
Posted By: Erkman Re: Password Encryption - 03/20/2002 11:14 PM
But for securtiy is better the passes are crypted.
I think its a big security hole that the passes are stored uncrypted. And why a admin must read the user passes?
bye
Erkman
Posted By: PokeDigi Genius Re: Password Encryption - 03/21/2002 7:25 AM
The actual passwords have to be stored somewhere. What if for some reason you NEED to get someone's pass, but can't because it's encrypted? Plus where would the the passwords be stored?
Posted By: q_ware Re: Password Encryption - 03/21/2002 8:15 AM
Assume that it's ok to see the password if I am an Admin.

Assume that someone other than has the admin has stolen the user database files (00000xxx.cgi)

Assume that there is a way for the admin to set a PGP key (or whatever other customizable encryption method which only the admin knows)

Assume that the user passwords are encrypt in this way.

Then

The guy who stole the user database files cannot know the password.

Just for safety reason...
Posted By: CtrlAltDel Re: Password Encryption - 03/30/2002 7:14 AM
if you just moved your members files to a place where they are inaccessable to the web, but accessable to your site, IE, above web root, then you are fine.

plus if you are encrypting the passwords then you need to be able to decrypt them in may different places too.
Posted By: BlackTyranitar Re: Password Encryption - 03/30/2002 4:49 PM
its very well possible to make it use crypted passes, vbb does that too.
but, if u have encrypted passwords, u can still fake cookies and get into their account
Posted By: CtrlAltDel Re: Password Encryption - 04/02/2002 11:19 AM
yeah vbb has it
but php has a nice fast encode and decode function that it uses for the passwords.

no reason to slow down a perla/4.ed board any more then it needs to be.
© UBB.Developers