Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
| |
0 users currently in Announcements. |
Acmlm's Board - I3 Archive - Announcements - 2006-11-13 - Password System | New poll | | |
Pages: 1 2 | Add to favorites | Next newer thread | Next older thread |
User | Post | ||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6432 days Last view: 6432 days |
| ||
Mrew! | |||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6432 days Last view: 6432 days |
| ||
Executive summary:
Passwords are a little more secure than they were last night. Summary: - Passwords aren't stored in plaintext on the new thread/reply pages any more, so scripts trying to access this information will fail. - You no longer have the ability to change which account you're posting if you're logged in, but you probably shouldn't have an alternate account anyway - Edit Profile requires your old password as well as confirmation of the new one, so that your password still can't be changed by someone else in the event they gain access to your account, unless they know the password. This should also eliminate typos in the password field rendering accounts useless. =P (I should implement this on the register page too) - The cookies the board stores are no longer encrypted/decrypted by the board -- it's now a hash, so getting the password back out of it will be at least slightly more difficult. Of course, this has the nasty side effect of forcing everyone to log in again now (note: the cookies will still last forever, you just need to log in again once) - An unrelated change that I'm sure none of you will dislike Known flaws: - The acmlm.org site is broken. I know. Not like anyone ever used it anyway but I'll get it fixed soon if anyone actually cares enough. If you have any comments, or if you find any small bugs, feel free to post about them here. For any major fuckups or potential security holes, please contact me over the internets (check my profile). I don't think there are, but I coded this mostly at 3 AM in the morning so it's always possible I screwed something up somewhere. |
|||
darkwitch Red Cheep-cheep Since: 10-16-06 From: Puerto Rico Last post: 6432 days Last view: 6432 days |
| ||
Well more re-modelations to AB .
In edit profile, the field that says "Confirm Password" says "Confirm your current password" , so what? Isn't it supposed to confirm the new one not the old one? |
|||
Kailieann Since: 11-18-05 Last post: 6432 days Last view: 6432 days |
| ||
Confirming the old one makes far more sense. But it sounded like it was supposed to confirm both | |||
darkwitch Red Cheep-cheep Since: 10-16-06 From: Puerto Rico Last post: 6432 days Last view: 6432 days |
| ||
No, obviously the one you must confirm is the new one, to make sure you aren't misspelling it. If you know the old password you don't need to confirm it. | |||
Forte.EXE When life seems to get bad, just suck it up and deal with it! Since: 11-18-05 From: Singe City, Ajiina (Davenport, Iowa) Last post: 6435 days Last view: 6433 days |
| ||
Well... like the new updates and everything, but I can't log onto my username, but I can still do posting the other way. | |||
Alastor Fearless Moderator Hero Since: 11-17-05 From: An apartment by DigiPen, Redmond, Washington Last post: 6432 days Last view: 6432 days |
| ||
Originally posted by XkeeperYou bastard. I used that feature |
|||
ibz10g Spiny Since: 08-10-06 From: Altoona, Iowa Last post: 6477 days Last view: 6477 days |
| ||
Originally posted by Xkeeper The removal of Big Topics? Either way, I guess this password system helps out a bit. |
|||
pikaguy900 Sparky Since: 08-10-06 Last post: 6445 days Last view: 6432 days |
| ||
Originally posted by ibz10g I seriously hope that wasn't what he was talking about. I liked Big Topics, and now it's gone. Good thing my life still has meaning. |
|||
BooUrns Buster Beetle Since: 05-07-06 From: The CS Last post: 6433 days Last view: 6433 days |
| ||
Originally posted by ibz10g |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6432 days Last view: 6432 days |
| ||
Originally posted by Alastor the StylishOriginally posted by XkeeperYou bastard. I used that feature I did too, but the slight ease of using that doesn't really stand up to someone being able to steal whatever you put in the password box, does it? =P - Thanks Peridian and JD, Edit Profile works again. (d'oh) |
|||
Tweaker Red Koopa Since: 11-18-05 From: Rochester, NY Last post: 6432 days Last view: 6432 days |
| ||
I'd like to put forward the proposition of making the "multiple account posting" shit an optional feature, and only for cool people. Sorta like approval, but not, and at Xk's discretion. Everyone wins! And since it'd be optional, it's your own fault if you get haxed.
EDIT: Another possibility would be to allow "account linking," where you can link multiple accounts through your profile (ala AIM) and choose which one via a drop-down box which one to post with. That's actually a pretty good idea, now that I think of it. Wanna try that? =P (edited by Tweaker on 11-13-06 08:53 PM) |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6432 days Last view: 6432 days |
| ||
Account linking? Eh.
I'll think about it, but managing links might be a bit harder. :/ |
|||
Milly Metal axe mrew~ We're downpouring again! Affected by 'wtf I'm posting Syndrome' Since: 11-17-05 From: Mirabel, Québec, Canada Last post: 6449 days Last view: 6432 days |
| ||
That could have been more useful in 2001 when multiple accounts were allowed and many people had them, although I guess it's not a bad idea ... maybe I'd even bring back my old neglected Acmilia out of boredom | |||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6432 days Last view: 6432 days |
| ||
Or Femi--
* is shot |
|||
HyperHacker Star Mario Finally being paid to code in VB! If only I still enjoyed that. <_< Wii #7182 6487 4198 1828 Since: 11-18-05 From: Canada, w00t! My computer's specs, if anyone gives a damn. STOP TRUNCATING THIS >8^( Last post: 6432 days Last view: 6432 days |
| ||
About time this was done. I noticed loguserid has been dropped from the cookie entirely. Is the user ID now just appended to the password hash (or vice-versa) or is it true session IDs? | |||
Cynthia Uh-huh. Since: 11-17-05 From: LaSalle, Quebec, Canada Last post: 6432 days Last view: 6432 days |
| ||
You should know better than anyone else not to bring that name up again.
I mean, it would be nice if we saw Fem--- *is stabbed* |
|||
HyperHacker Star Mario Finally being paid to code in VB! If only I still enjoyed that. <_< Wii #7182 6487 4198 1828 Since: 11-18-05 From: Canada, w00t! My computer's specs, if anyone gives a damn. STOP TRUNCATING THIS >8^( Last post: 6432 days Last view: 6432 days |
| ||
So, post info in hex now? Interesting. Seems to have broken my layout a bit. "Debug (User: )" | |||
darkwitch Red Cheep-cheep Since: 10-16-06 From: Puerto Rico Last post: 6432 days Last view: 6432 days |
| ||
Originally posted by HyperHacker The views are also in hex, and I have to say, for a hacking forum that how its supposed to be, shouldn't it? |
|||
HyperHacker Star Mario Finally being paid to code in VB! If only I still enjoyed that. <_< Wii #7182 6487 4198 1828 Since: 11-18-05 From: Canada, w00t! My computer's specs, if anyone gives a damn. STOP TRUNCATING THIS >8^( Last post: 6432 days Last view: 6432 days |
| ||
What the...? I logged in successfully after the update, but when I came back today I was logged out and trying to log in didn't do anything. I poked around a bit looking for a reason and decided to just delete cookies and try again. After deleting the cookies I open login.php and I'm already logged in. Somehow I'm now logged in with no cookies at all. |
Pages: 1 2 | Add to favorites | Next newer thread | Next older thread |
Acmlm's Board - I3 Archive - Announcements - 2006-11-13 - Password System | | |