Topic: password security
Started by: Paul Czege
Started on: 3/10/2005
Board: Site Discussion
On 3/10/2005 at 8:51pm, Paul Czege wrote:
password security
Hey Clinton,
The hack could have included a download of user information, right? Are user passwords insecure as a result (i.e. we should change them)?
Paul
On 3/10/2005 at 9:29pm, Clinton R. Nixon wrote:
Re: password security
Paul Czege wrote: Hey Clinton,
The hack could have included a download of user information, right? Are user passwords insecure as a result (i.e. we should change them)?
Paul
Officially, yes.
The logs, however, do not show any downloading of info. That doesn't mean it didn't happen, and you should change your password if you are security-conscious.
On 3/10/2005 at 10:30pm, Marco wrote:
RE: password security
Are passwords stored plain-text by phpBB?
-Marco
On 3/11/2005 at 12:04am, Clinton R. Nixon wrote:
RE: password security
Marco wrote: Are passwords stored plain-text by phpBB?
-Marco
Nope - they are hashes, which changes everything. I wasn't even thinking of that. In other words, your passwords are pretty safe, unless they are a dictionary word or small variation thereof (shipmate45, for example).
- Clinton
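Added example, not part of the original thread: the post above notes that hashing does little for a password that is a dictionary word or a small variation of one, so a forum can reject such passwords when they are set. The wordlist, substitution table and function names below are constructed for illustration and are not phpBB code.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary file.
WORDLIST = {"shipmate", "password", "dragon", "forge", "welcome"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Leading or trailing runs of digits, punctuation and underscores.
DECORATION = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_words(password):
    """Return the candidate base words left after removing common decorations."""
    lowered = password.lower()
    # Strip decorations first: "shipmate45" -> "shipmate".
    core = DECORATION.sub("", lowered)
    # Undo substitutions inside the core: "p4ssw0rd" -> "password".
    candidates = {lowered, core, core.translate(LEET)}
    return {c for c in candidates if c}


def is_dictionary_variation(password, wordlist=WORDLIST):
    """True if the password reduces to a wordlist entry, forwards or reversed."""
    return any(c in wordlist or c[::-1] in wordlist
               for c in base_words(password))


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("shipmate45", "P4ssw0rd!", "nogard1", "kT9#vq2LmZx8"):
        verdict = "reject" if is_dictionary_variation(pw) else "accept"
        print(f"{pw!r}: {verdict}")
```
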
On 3/11/2005 at 8:11am, Victor Gijsbers wrote:
RE: password security
Clinton, which version of phpBB were you running?
On 3/11/2005 at 12:58pm, Clinton R. Nixon wrote:
RE: password security
phpBB 2.0.11. A vital security patch was released on Feb. 28th. I saw someone on RPG.net castigate me for not applying the patch when it was released, and I thought, "What the hell does this kid do with his life? Seven days after release, I haven't upgraded a piece of software - that's not so bad. In fact, I generally have about seven straight days' worth of work laid out at any given time."
By the way, it's totally likely that I'll be changing the software from phpBB to something else. If I do, nothing will break - I can rewrite links and whatnot. I've done it before.
On 3/11/2005 at 1:32pm, Domhnall wrote:
RE: password security
Just curious-- was there a "disgruntled poster" who you suspect, or did this look just like random malevolence? Is there a way for you (someone) to trace his IPA?
On 3/11/2005 at 2:05pm, Clinton R. Nixon wrote:
RE: password security
Domhnall wrote: Just curious-- was there a "disgruntled poster" who you suspect, or did this look just like random malevolence? Is there a way for you (someone) to trace his IPA?
It was random malevolence. I have the IP address, but am not going to try and figure out who did it.