
Thread: Question continued...

  1. #1


    Question continued...

    Quote (originally posted by Infamous Joe):
        The authentication uses the same procedure as a regular login, so yes it is hashed (but unlike the normal one where it is done client side, this one is sent to my server where a PHP script does it).

        Thanks for trying to look out though.

    But that's totally unsecure. It leaves security holes such as logging user information up in the air. Would it not be best to md5 it beforehand?

  2. #2
    Jolz

    Do we reply in new threads now?

    Why didn't I get the memo!


    I see you have an opinion?



  3. The Following 2 Users Say Thank You to Jolz For This Useful Post:

    archon (06-15-2013),Mojo (06-16-2013)

  4. #3

    Quote (originally posted by Jolz):
        Do we reply in new threads now?

        Why didn't I get the memo!

    Yes, because replying in closed threads works well.

  5. #4
    j03

    Quote (originally posted by archon):
        But that's totally unsecure. It leaves security holes such as logging user information up in the air. Would it not be best to md5 it beforehand?

    Well I guess that's right, but am I (the only person) really going to record user information? If this forum was run on my own personal server that I have at home, I would actually take that route. But this forum is run on a host that I have purchased and they do not condone that kind of activity. They can see everything I am doing and if they catch me recording personal information like that, I will be screwed. I'm sure somewhere in the registration process there is also a reference to this entire scenario.

    If it makes you feel safer, I can add what you are asking into the forum auth.

    ------------------------
    [02/24/2013] Stealth CORE is made into the first standalone Neopets auto-player.
    ------------------------


  6. #5
    Jolz

    Quote (originally posted by archon):
        Yes, because replying in closed threads works well.

    wow... take a joke dude


    I see you have an opinion?



  7. The Following 4 Users Say Thank You to Jolz For This Useful Post:

    archon (06-15-2013),Duck4Cover (06-15-2013),Mojo (06-16-2013),simmie (06-16-2013)

  8. #6

    Quote (originally posted by Infamous Joe):
        Well I guess that's right, but am I (the only person) really going to record user information? If this forum was run on my own personal server that I have at home, I would actually take that route. But this forum is run on a host that I have purchased and they do not condone that kind of activity. They can see everything I am doing and if they catch me recording personal information like that, I will be screwed. I'm sure somewhere in the registration process there is also a reference to this entire scenario.

        If it makes you feel safer, I can add what you are asking into the forum auth.

    I'm not asking for anything, I'm simply offering advice. It would be the safer method, and isn't that what you want from your members?

    Anyways, VB.net is also not as secure as you want it to be, because anything in vb.net can be easily hex edited.

    ---------- Post added at 06:07 PM ---------- Previous post was at 06:07 PM ----------

    Quote (originally posted by Jolz):
        wow... take a joke dude

    Didn't realize I said something offensive?

  9. #7
    j03

    OK now you sound like you're talking about something else.

    Are you talking about my server-sided auth? Or the code inside of my program?

    My auth actually hashes the password, if you did not see that when you used my program. When accessing the auth PHP file, though, the password is sent decrypted only because it is between my server and the user authenticating.

    If you're talking about my server-sided auth, like I said there is no need for me to modify it to accept a hashed password as I do not record any information from members upon authenticating. Hell if I wanted to I would just modify the login.php script from vBulletin to take anyone's password and I would be sued by everyone.

    So yeah, rest assured to all members, your information is safe.

    PS: I don't code in VB.


  10. The Following 2 Users Say Thank You to j03 For This Useful Post:

    esperanto (06-15-2013),I_royalty_I (06-15-2013)

  11. #8

    Quote (originally posted by Infamous Joe):
        OK now you sound like you're talking about something else.

        Are you talking about my server-sided auth? Or the code inside of my program?

        My auth actually hashes the password, if you did not see that when you used my program. When accessing the auth PHP file, though, the password is sent decrypted only because it is between my server and the user authenticating.

        If you're talking about my server-sided auth, like I said there is no need for me to modify it to accept a hashed password as I do not record any information from members upon authenticating. Hell if I wanted to I would just modify the login.php script from vBulletin to take anyone's password and I would be sued by everyone.

    Well you wouldn't be sued until anyone found out lol. BUT I think it would be best to have both forum.php and auth.php passwords be md5'd just to stay secure and safe and remove doubts from anyone.

    But what I meant by the VB.net, it's that even if you have your auth.php in a label or textbox, it can easily be hex edited and cracked since vb.net parses the URLs before compiling (something like that) but check for yourself. If you still don't get what I mean, hmu on Skype or something

    ---------- Post added at 06:22 PM ---------- Previous post was at 06:20 PM ----------

    Quote (originally posted by Infamous Joe):
        PS: I don't code in VB.

    Then it might just be .net
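
The two options argued over above (plaintext hashed by the server script versus an MD5 computed by the client beforehand), as an added example that is not code from this forum or its auth script. It assumes the vBulletin 3.x/4.x storage scheme, stored = md5(md5(password) . salt); the function name, salt and password are constructed for illustration.

```php
<?php
// Added illustration, not the forum's auth.php. Assumes the vBulletin 3.x/4.x
// storage scheme: stored = md5(md5(password) . salt).

/**
 * Verify a credential that arrives either as plaintext or as a
 * client-side MD5 (32 hex characters). Nothing is logged or stored.
 */
function verify_vb_credential(string $credential, bool $isClientMd5,
                              string $storedHash, string $salt): bool
{
    if ($isClientMd5) {
        // Client already hashed: accept only a well-formed MD5 digest.
        if (strlen($credential) !== 32 || !ctype_xdigit($credential)) {
            return false;
        }
        $inner = strtolower($credential);
    } else {
        // Plaintext path: the server performs the first MD5 itself.
        $inner = md5($credential);
    }
    // Both paths converge on the same salted hash; compare in constant time.
    return hash_equals($storedHash, md5($inner . $salt));
}

// Constructed sample account (values invented for this example).
$salt   = 'x9!Qa';
$stored = md5(md5('correct horse') . $salt);

var_dump(verify_vb_credential('correct horse', false, $stored, $salt));     // plaintext path
var_dump(verify_vb_credential(md5('correct horse'), true, $stored, $salt)); // pre-hashed path
var_dump(verify_vb_credential('wrong guess', false, $stored, $salt));       // bad password
var_dump(verify_vb_credential('not-a-hash', true, $stored, $salt));         // malformed digest
```

In the pre-hashed path the MD5 itself is what the server accepts, so it has to be protected in transit just as the plaintext would be.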

  12. #9

    Gray

    I don't know about anyone else here, but why does any of this even matter?

  13. #10
    j03

    Quote (originally posted by Pistold):
        I don't know about anyone else here, but why does any of this even matter?

    Just read the replies, you'll see it should not be worried about.

