SV650.org - SV650 & Gladius 650 Forum


Kinvig 06-10-09 11:20 AM

Re: *urgent* anyone else heard about the password leak?
 
[tech derail]


Quote:

Originally Posted by TSM (Post 2053691)
the normal way is to hash the username & password together, well that's nix way from what I remember

Yup, I hash using either username or email address. It's the one time on a website that I'll use javascript for "core" functionality as I don't want an unhashed pwd going back & forth between server & client.

Quote:

Originally Posted by TSM (Post 2053691)
I sometimes hash it with the IP address & session_id if I want a temporary password, many different ways
passwords in DB are usually not done with a master seed though, if you lose that then you are stuffed

You can't always rely on a client's browser maintaining 1 ip address for its session. Apps such as AOL seem to let the AOL browser use a roaming/floating ip address range - hence all the issues that you get with AOL users.

[/tech derail]

TSM 06-10-09 11:23 AM

Re: *urgent* anyone else heard about the password leak?
 
Quote:

Originally Posted by Kinvig (Post 2054585)
[tech derail]

Yup, I hash using either username or email address. It's the one time on a website that I'll use javascript for "core" functionality as I don't want an unhashed pwd going back & forth between server & client.

You can't always rely on a client's browser maintaining 1 ip address for its session. Apps such as AOL seem to let the AOL browser use a roaming/floating ip address range - hence all the issues that you get with AOL users.

[/tech derail]

This is true, but if you check for the proxy header, you should then be able to change the hashing method. If all else fails, I usually make it possible to disable bind to IP.
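
The scheme discussed in the two posts above, sketched as an added example that is not part of the original thread or any poster's code: a temporary token derived from the session id and, optionally, the client IP, with the bind-to-IP switch turned off when a proxy header is present. The server key, the function names, the choice of `Via` / `X-Forwarded-For` as the "proxy header" and all sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: a per-deployment server key, generated here so the example runs offline.
const SERVER_KEY = crypto.randomBytes(32);

// Decide at issue time whether to bind to the IP. These headers are sent by the
// client side of the connection, so treat this as a usability hint only: anyone
// can add one to opt out of binding. Store the decision with the session.
function shouldBindIp(headers) {
  const names = Object.keys(headers).map((h) => h.toLowerCase());
  return !names.some((h) => h === 'via' || h === 'x-forwarded-for');
}

// HMAC over length-prefixed fields so ("ab","c") and ("a","bc") cannot collide.
// With bindIp=false the address is left out ("disable bind to IP").
function issueToken(sessionId, ip, bindIp = true) {
  const mac = crypto.createHmac('sha256', SERVER_KEY);
  for (const field of [bindIp ? 'ip' : 'noip', sessionId, bindIp ? ip : '']) {
    mac.update(`${Buffer.byteLength(field)}:${field}`);
  }
  return mac.digest('hex');
}

// Recompute the token and compare in constant time.
function verifyToken(token, sessionId, ip, bindIp = true) {
  const expected = Buffer.from(issueToken(sessionId, ip, bindIp), 'hex');
  const given = Buffer.from(String(token), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample: one session seen from two addresses (a roaming client).
function demo() {
  const sid = 'sess-constructed-01';
  const direct = shouldBindIp({ Host: 'forum.example' });
  const proxied = shouldBindIp({ Host: 'forum.example', Via: '1.1 cache.example' });
  const bound = issueToken(sid, '203.0.113.10', direct);
  const unbound = issueToken(sid, '203.0.113.10', proxied);
  return {
    direct,
    proxied,
    sameIp: verifyToken(bound, sid, '203.0.113.10', direct),
    roamedBound: verifyToken(bound, sid, '198.51.100.7', direct),
    roamedUnbound: verifyToken(unbound, sid, '198.51.100.7', proxied),
    otherSession: verifyToken(unbound, 'sess-constructed-02', '198.51.100.7', proxied),
  };
}
```

The bound token fails as soon as the client's address changes, which is the roaming-IP problem raised above; the unbound token survives the change but is then only as strong as the session id itself.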

Owenski 06-10-09 11:40 AM

Re: *urgent* anyone else heard about the password leak?
 
Quote:

Originally Posted by -KINGVIG-TSM (Post 2054590)
Bla bla bla tech'y bolarx bla bla bla mind melted, now cream pie'd

lol, I'm sure it made perfect sense to you guys but that totally went over my head rofl.

Warthog 06-10-09 12:42 PM

Re: *urgent* anyone else heard about the password leak?
 
Quote:

Originally Posted by TSM (Post 2054028)
naa, I've confirmed it's you, sure you remember who you are :p

I'm Spiderman aren't I? :-P


All times are GMT.