Posts: 864
Threads: 13
Joined: Oct 2003
password encryption isnt that big of a deal. Only way someone can get the passwords is thru the database, which noone should have access to anyways except you. Just do as toonski and ado suggest by adding your own encrpytion. Calm down :roll:
igitalblackie.com - Done!
Ask about our hosting
-Goddess of the of the No More Religion Threads movement
Posts: 6,419
Threads: 74
Joined: Mar 2002
He did not have a child, but he had a 9 months pregnant girl to care about. As I see it, Seph is not to blame of what's happening: I must've missed something, but he never claimed that his forum used encryption, so there is nothing to upbraid him. I suggest that you go and encrypt the passwords. Anyhow, decrypted passwords are harmless unless someone can crack into your database and see them.
Posts: 3,616
Threads: 287
Joined: Jan 2003
Nobody's going to hack into the database. I suppose I am overreacting. =/
f only life let you press CTRL-Z.
--------------------------------------
Freebasic is like QB, except it doesn't suck.
Posts: 864
Threads: 13
Joined: Oct 2003
You know, by posting on a public forum that the sephforum doesnt encrypt the passwords, you've exposed all sephforums to malicious people who have nothing else better to do that exploit people. Luckily most people are on hosts at datacenters with tight security.
This is something that should have been taken up privately with seph instead of chastising him here in public.
igitalblackie.com - Done!
Ask about our hosting
-Goddess of the of the No More Religion Threads movement
Posts: 394
Threads: 16
Joined: Jun 2003
$mySQLPass = crypt($registeredPass, $encodeString);
$result = mysql_query("INSERT INTO tablename password=".$mySQLPass." . . . whatever");
or use UPDATE tablename SET password= . . . whatever.
and then when checking, pseudo:
<INPUT TYPE="PASSWORD" NAME="loginPass">
$loginPass = crypt($loginPass, $encodeString);
if ($mySQLPass != $loginPass) {
// whatever happens when you provide wrong password
}
use php's encrypt as a quick fix
ammit potato!
Posts: 614
Threads: 87
Joined: Aug 2001
Quote:You know, by posting on a public forum that the sephforum doesnt encrypt the passwords, you've exposed all sephforums to malicious people who have nothing else better to do that exploit people. Luckily most people are on hosts at datacenters with tight security.
This is something that should have been taken up privately with seph instead of chastising him here in public.
Except of course that the forum code is freely available for anyone to poke holes in (why they would do that is beyond me).
Posts: 3,288
Threads: 167
Joined: Nov 2001
Quote:My family had to take care of my 2-month old cousin a few years back. The little thing didn't stop screaming and crying, and it couldn't even sit up and it pooped all the time... And this is after two months. A baby is a *huge* amount of work, and Seph's is only a few weeks old.
Tell me about it. :*)
Posts: 3,279
Threads: 170
Joined: Nov 2003
Quote:Nobody's going to hack into the database. I suppose I am overreacting. =/
Of course you're overreacting. Now calm down.
I'd knock on wood, but my desk is particle board.
Posts: 3,616
Threads: 287
Joined: Jan 2003
I'm calm, I'm calm. :wink:
The only problem here I can see, is...you (Nek), Rhia, Rel, Fling, Potato, and Toonski aren't going to register.
Ah, well, I'll get the newbies. :wink:
f only life let you press CTRL-Z.
--------------------------------------
Freebasic is like QB, except it doesn't suck.
Posts: 2,771
Threads: 96
Joined: Oct 2003
Why not? Zack... just add the MD5 function in to a couple of places, announce the changes, and hey presto everyone will be fine with signing up!