can anyone encrypt the passwords when stored in the 00000xxx.cgi files?
Why would you want this? I understand some admins don't think its right to be able to see users passwords, but they are warned we can when they register.
In my view, I payed for the board, I work hard to maintain it and constantly upgrade it, so Its my board. I feel have the right to look at any and all information on my board, if the user is uncomfortable with that then they need to stay off my board.
But for securtiy is better the passes are crypted.
I think its a big security hole that the passes are stored uncrypted. And why a admin must read the user passes?
bye
Erkman
The actual passwords have to be stored somewhere. What if for some reason you NEED to get someone's pass, but can't because it's encrypted? Plus where would the the passwords be stored?
Assume that it's ok to see the password if I am an Admin.
Assume that someone other than has the admin has stolen the user database files (00000xxx.cgi)
Assume that there is a way for the admin to set a PGP key (or whatever other customizable encryption method which only the admin knows)
Assume that the user passwords are encrypt in this way.
Then
The guy who stole the user database files cannot know the password.
Just for safety reason...
if you just moved your members files to a place where they are inaccessable to the web, but accessable to your site, IE, above web root, then you are fine.
plus if you are encrypting the passwords then you need to be able to decrypt them in may different places too.
its very well possible to make it use crypted passes, vbb does that too.
but, if u have encrypted passwords, u can still fake cookies and get into their account
yeah vbb has it
but php has a nice fast encode and decode function that it uses for the passwords.
no reason to slow down a perla/4.ed board any more then it needs to be.