Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Question continued...

  1. #1
    Banned
    Join Date
    Jan 2012
    Gender
    Posts
    8
    Thanks
    2
    Thanked 3 Times in 3 Posts


    Downloads
    13
    Uploads
    0
    Mentioned
    10 Post(s)
    Time Online
    11 h 56 m
    Avg. Time Online
    N/A
    Rep Power
    0

    Question continued...

    Quote Originally Posted by Infamous Joe View Post
    The authentication uses the same procedure as a regular login, so yes it is hashed (but unlike the normal one where it is done client side, this one is sent to my server where a PHP script does it).

    Thanks for trying to lookout though.
    But that's totally unsecure. It leaves security holes such as logging user information up in there air. Would it not be best to md5 it beforehand?

  2. #2


    Jolz's Avatar
    Join Date
    Oct 2012
    Gender
    Location
    Manchester, England
    Posts
    815
    Thanks
    401
    Thanked 1,483 Times in 726 Posts


    Downloads
    26
    Uploads
    0
    Mentioned
    485 Post(s)
    Time Online
    26 d 3 h 31 m
    Avg. Time Online
    19 m
    Rep Power
    8
    Gamer IDs

    PSN ID: Alexiisonfire
    Do we reply in new threads now?

    Why didn't I get the memo!

  3. The Following 2 Users Say Thank You to Jolz For This Useful Post:

    archon (06-15-2013),Mojo (06-16-2013)

  4. #3
    Banned
    Join Date
    Jan 2012
    Gender
    Posts
    8
    Thanks
    2
    Thanked 3 Times in 3 Posts


    Downloads
    13
    Uploads
    0
    Mentioned
    10 Post(s)
    Time Online
    11 h 56 m
    Avg. Time Online
    N/A
    Rep Power
    0
    Quote Originally Posted by Jolz View Post
    Do we reply in new threads now?

    Why didn't I get the memo!
    Yes, because replying in closed threads works well.

  5. #4
    Saiyan Race





    Infamous Joe's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    Hyperbolic Time Chamber
    Age
    26
    Posts
    9,758
    Thanks
    2,780
    Thanked 16,245 Times in 4,239 Posts


    Downloads
    23
    Uploads
    36
    Mentioned
    2986 Post(s)
    Time Online
    293 d 23 h 59 m
    Avg. Time Online
    3 h 44 m
    Rep Power
    10
    Gamer IDs

    Gamertag: Infam0us Joe Steam ID: infamousjoe
    Quote Originally Posted by archon View Post
    But that's totally unsecure. It leaves security holes such as logging user information up in there air. Would it not be best to md5 it beforehand?
    Well I guess that's right, but am I (the only person) really going to record user information? If this forum was run on my own personal server that I have at home, I would actually take that route. But this forum is run on a host that I have purchased and they do not condone in that kind of activity. They can see everything I am doing and if they catch me recording personal information like that, I will be screwed. I'm sure somewhere in the registration process there is also a reference to this entire scenario.

    If it makes you feel safer, I can add what you are asking into the forum auth.

  6. #5


    Jolz's Avatar
    Join Date
    Oct 2012
    Gender
    Location
    Manchester, England
    Posts
    815
    Thanks
    401
    Thanked 1,483 Times in 726 Posts


    Downloads
    26
    Uploads
    0
    Mentioned
    485 Post(s)
    Time Online
    26 d 3 h 31 m
    Avg. Time Online
    19 m
    Rep Power
    8
    Gamer IDs

    PSN ID: Alexiisonfire
    Quote Originally Posted by archon View Post
    Yes, because replying in closed threads works well.
    wow... take a joke dude

  7. The Following 4 Users Say Thank You to Jolz For This Useful Post:

    archon (06-15-2013),Duck4Cover (06-15-2013),Mojo (06-16-2013),simmie (06-16-2013)

  8. #6
    Banned
    Join Date
    Jan 2012
    Gender
    Posts
    8
    Thanks
    2
    Thanked 3 Times in 3 Posts


    Downloads
    13
    Uploads
    0
    Mentioned
    10 Post(s)
    Time Online
    11 h 56 m
    Avg. Time Online
    N/A
    Rep Power
    0
    Quote Originally Posted by Infamous Joe View Post
    Well I guess that's right, but am I (the only person) really going to record user information? If this forum was run on my own personal server that I have at home, I would actually take that route. But this forum is run on a host that I have purchased and they do not condone in that kind of activity. They can see everything I am doing and if they catch me recording personal information like that, I will be screwed. I'm sure somewhere in the registration process there is also a reference to this entire scenario.

    If it makes you feel safer, I can add what you are asking into the forum auth.
    I'm not asking for anything, I'm simply offering advice. It would be the safer method, and isn't that what you want from your members?

    Anyways, VB.net is also not as secure as you want it to be, because anything in vb.net can be easily hex edited.

    ---------- Post added at 06:07 PM ---------- Previous post was at 06:07 PM ----------

    Quote Originally Posted by Jolz View Post
    wow... take a joke dude
    Didn't realize I said something offensive?

  9. #7
    Saiyan Race





    Infamous Joe's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    Hyperbolic Time Chamber
    Age
    26
    Posts
    9,758
    Thanks
    2,780
    Thanked 16,245 Times in 4,239 Posts


    Downloads
    23
    Uploads
    36
    Mentioned
    2986 Post(s)
    Time Online
    293 d 23 h 59 m
    Avg. Time Online
    3 h 44 m
    Rep Power
    10
    Gamer IDs

    Gamertag: Infam0us Joe Steam ID: infamousjoe
    OK now you sound like you're talking about something else.

    Are you talking about my server-sided auth? Or the code inside of my program?

    My auth actually hashes the password, if you did not see that when you used my program. When accessing the auth PHP file, though, the password is sent decrypted only because it is between my server and the user authenticating.

    If you're talking about my server-sided auth, like I said there is no need for me to modify it to accept a hashed password as I do not record any information from members upon authenticating. Hell if I wanted to I would just modify the login.php script from vBulletin to take anyone's password and I would be sued by everyone.

    So yeah, rest assured to all members, you're information is safe.

    PS: I don't code in VB.

  10. The Following 2 Users Say Thank You to Infamous Joe For This Useful Post:

    esperanto (06-15-2013),I_royalty_I (06-15-2013)

  11. #8
    Banned
    Join Date
    Jan 2012
    Gender
    Posts
    8
    Thanks
    2
    Thanked 3 Times in 3 Posts


    Downloads
    13
    Uploads
    0
    Mentioned
    10 Post(s)
    Time Online
    11 h 56 m
    Avg. Time Online
    N/A
    Rep Power
    0
    Quote Originally Posted by Infamous Joe View Post
    OK now you sound like you're talking about something else.

    Are you talking about my server-sided auth? Or the code inside of my program?

    My auth actually hashes the password, if you did not see that when you used my program. When accessing the auth PHP file, though, the password is sent decrypted only because it is between my server and the user authenticating.

    If you're talking about my server-sided auth, like I said there is no need for me to modify it to accept a hashed password as I do not record any information from members upon authenticating. Hell if I wanted to I would just modify the login.php script from vBulletin to take anyone's password and I would be sued by everyone.
    Well you wouldn't be sued until anyone found out lol. BUT I think it would be best to have both forum.php and auth.php passwords be md5'd just to stay secure and safe and remove doubts from anyone.

    But what I meant by the VB.net, its that even if you have your auth.php in a label or textbox, it can easily be hex edited and cracked since vb.net parses the urls before compiling (something like that) but check for yourself. If you still don't get what I mean, hmu on skype or something

    ---------- Post added at 06:22 PM ---------- Previous post was at 06:20 PM ----------

    Quote Originally Posted by Infamous Joe View Post
    PS: I don't code in VB.
    Then it might just be .net

  12. #9

    Gray's Avatar
    Join Date
    Apr 2013
    Gender
    Location
    Toronto, Canada
    Posts
    155
    Thanks
    5
    Thanked 193 Times in 117 Posts


    Downloads
    68
    Uploads
    0
    Mentioned
    85 Post(s)
    Time Online
    20 d 9 h 34 m
    Avg. Time Online
    17 m
    Rep Power
    5
    I don't know about anyone else here, but why does any of this even matter?

  13. #10
    Saiyan Race





    Infamous Joe's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    Hyperbolic Time Chamber
    Age
    26
    Posts
    9,758
    Thanks
    2,780
    Thanked 16,245 Times in 4,239 Posts


    Downloads
    23
    Uploads
    36
    Mentioned
    2986 Post(s)
    Time Online
    293 d 23 h 59 m
    Avg. Time Online
    3 h 44 m
    Rep Power
    10
    Gamer IDs

    Gamertag: Infam0us Joe Steam ID: infamousjoe
    Quote Originally Posted by Pistold View Post
    I don't know about anyone else here, but why does any of this even matter?
    Just read the replies, you'll see it should not be worried about.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •