Author Topic: password security  (Read 3395 times)
Paul Czege
Acts of Evil Playtesters
Member

Posts: 2341


WWW
« on: March 10, 2005, 12:51:55 PM »

Hey Clinton,

The hack could have included a download of user information, right? Are user passwords insecure as a result (i.e. we should change them)?

Paul
Logged

My Life with Master knows codependence.
And if you're doing anything with your Acts of Evil ashcan license, of course I'm curious and would love to hear about your plans
Clinton R. Nixon
Member

Posts: 2624


WWW
« Reply #1 on: March 10, 2005, 01:29:33 PM »

Quote from: Paul Czege
Hey Clinton,

The hack could have included a download of user information, right? Are user passwords insecure as a result (i.e. we should change them)?

Paul


Officially, yes.

The logs, however, do not show any downloading of info. That doesn't mean it didn't happen, and you should change your password if you are security-conscious.
Logged

Clinton R. Nixon
CRN Games
Marco
Member

Posts: 1741


WWW
« Reply #2 on: March 10, 2005, 02:30:15 PM »

Are passwords stored plain-text by phpBB?

-Marco
Logged

---------------------------------------------
JAGS (Just Another Gaming System)
a free, high-quality, universal system at:
http://www.jagsrpg.org
Just Released: JAGS Wonderland
Clinton R. Nixon
Member

Posts: 2624


WWW
« Reply #3 on: March 10, 2005, 04:04:37 PM »

Quote from: Marco
Are passwords stored plain-text by phpBB?

-Marco


Nope - they are hashes, which changes everything. I wasn't even thinking of that. In other words, your passwords are pretty safe, unless they are a dictionary word or small variation thereof (shipmate45, for example).

- Clinton
Logged

Clinton R. Nixon
CRN Games
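
The point in Reply #3, that a hashed password is only as safe as it is hard to guess, can be enforced when a user picks a new password. The check below is an added example, not part of the thread or of the forum software; the wordlist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary
# plus a list of passwords seen in earlier breaches.
WORDLIST = {"shipmate", "password", "dragon", "master", "letmein", "forge"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Digits and punctuation stuck on the front or back of a word.
EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def weak_base(password, wordlist=WORDLIST):
    """Return the dictionary word a password is a small variation of, or None."""
    lowered = password.lower()
    stripped = EDGE_JUNK.sub("", lowered)      # "shipmate45" -> "shipmate"
    candidates = (lowered, stripped,
                  lowered.translate(LEET),     # "pa$$word"   -> "password"
                  stripped.translate(LEET))    # "p4ssw0rd!"  -> "password"
    for form in candidates:
        if form and form in wordlist:
            return form
    return None


def check_new_password(password, min_length=12):
    """Return a list of reasons to reject the password (empty list = accept)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    base = weak_base(password)
    if base is not None:
        problems.append(f"small variation of dictionary word '{base}'")
    return problems


if __name__ == "__main__":
    for pw in ("shipmate45", "P4ssw0rd!", "Xq9#vT2m-Lr7w"):  # constructed samples
        print(pw, "->", check_new_password(pw) or "accepted")
```
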
Victor Gijsbers
Acts of Evil Playtesters
Member

Posts: 390


WWW
« Reply #4 on: March 11, 2005, 12:11:41 AM »

Clinton, which version of phpBB were you running?
Logged

Clinton R. Nixon
Member

Posts: 2624


WWW
« Reply #5 on: March 11, 2005, 04:58:46 AM »

phpBB 2.0.11. A vital security patch was released on Feb. 28th. I saw someone on RPG.net castigate me for not applying the patch when it was released, and I thought, "What the hell does this kid do with his life? Seven days after release, I haven't upgraded a piece of software - that's not so bad. In fact, I generally have about seven straight days' worth of work laid out at any given time."

By the way, it's totally likely that I'll be changing the software from phpBB to something else. If I do, nothing will break - I can rewrite links and whatnot. I've done it before.
Logged

Clinton R. Nixon
CRN Games
Domhnall
Member

Posts: 97


« Reply #6 on: March 11, 2005, 05:32:20 AM »

Just curious-- was there a "disgruntled poster" who you suspect, or did this look just like random malevolence?  Is there a way for you (someone) to trace his IPA?
Logged

--Daniel
Clinton R. Nixon
Member

Posts: 2624


WWW
« Reply #7 on: March 11, 2005, 06:05:20 AM »

Quote from: Domhnall
Just curious-- was there a "disgruntled poster" who you suspect, or did this look just like random malevolence?  Is there a way for you (someone) to trace his IPA?


It was random malevolence. I have the IP address, but am not going to try and figure out who did it.
Logged

Clinton R. Nixon
CRN Games