GlamKitten
Groupie
Joined: 07 May 2002
Location: United Kingdom
Status: Offline
Points: 41
Topic: Encryption
Posted: 04 August 2003 at 7:51am
What's the point in having it?
I mean if someone steals the database they have access to everything in it in any place.
|
 |
thedave
Groupie
Joined: 08 June 2003
Location: United Kingdom
Status: Offline
Points: 48
Posted: 04 August 2003 at 7:53am
Passwords in the db are encrypted and it's impossible to decrypt them. You're also supposed to move the db to a location where no one can get hold of it and rename it to something that only you would know and not an obvious name. If you're on a Windows IIS server you should be able to move the db into a private directory not in your root web directory, making it impossible for anyone to d/l your db.
ello?!
|
 |
GlamKitten
Groupie
Joined: 07 May 2002
Location: United Kingdom
Status: Offline
Points: 41
Posted: 04 August 2003 at 8:09am
Ok, so your database is hidden anyway somewhere that nobody can ever find it - what's the point in encrypting the passwords? Seems to me like a hassle because now you can't just send out someone's password if they forget it; you have to send them a new password every time, which is a hassle.
|
 |
thedave
Groupie
Joined: 08 June 2003
Location: United Kingdom
Status: Offline
Points: 48
Posted: 04 August 2003 at 8:23am
You can edit a person's profile and change their password for them, and yes, you would have to notify them that you have changed their password. I think the encryption is just extra security; better to be safe than sorry. Nice site btw, I'm into Japanese rock visual kei styles.
Edited by thedave
ello?!
|
 |
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
Posted: 04 August 2003 at 12:16pm
I do not think the encryption is pointless, because if someone "hacks" your server he would be able to read your password, log in with the administrator password and change your forum etc. Now if he were just to download it he could look at posts etc. but it would be only local. Encryption is just one part in making this forum more secure, and other things have to be looked at as well.
|
 |
ljamal
Mod Builder Group
Joined: 16 April 2003
Status: Offline
Points: 888
Posted: 04 August 2003 at 1:17pm
If you really want to disable the encrypt all you have to do is have the encrypt function return the value it received.
Personally, I think the password retrieval system should be better and should not change your password at all, but let you reset your password after receiving an email with a generated confirmation code.
|
 |
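The reset flow suggested in the post above (a generated confirmation code sent by email, with the old password left untouched until the code is used), shown as an added example; it is not Web Wiz Forums code and not written by any poster in this thread. The function names, the in-memory `user` record, the 30-minute code lifetime and the PBKDF2 settings are all assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets, time

RESET_TTL = 30 * 60        # assumed lifetime of a confirmation code, in seconds
PBKDF2_ROUNDS = 200_000    # assumed work factor for the password hash

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def check_password(user, password):
    _, digest = hash_password(password, user["salt"])
    return hmac.compare_digest(digest, user["pw"])

def issue_reset_code(user, now=None):
    """Create a one-time code to e-mail; store only its hash and expiry."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(24)
    user["reset"] = (hashlib.sha256(code.encode()).digest(), now + RESET_TTL)
    return code  # goes in the e-mail; the current password stays valid

def reset_password(user, code, new_password, now=None):
    """Set a new password only if the code matches and has not expired."""
    now = time.time() if now is None else now
    if user.get("reset") is None:
        return False
    code_hash, expires = user["reset"]
    ok = hmac.compare_digest(code_hash, hashlib.sha256(code.encode()).digest())
    if not ok or now > expires:
        return False
    user["salt"], user["pw"] = hash_password(new_password)
    user["reset"] = None   # single use: the same code cannot be replayed
    return True

def demo():
    # Constructed sample account, for illustration only.
    salt, pw = hash_password("old-secret")
    user = {"name": "alice", "salt": salt, "pw": pw, "reset": None}
    code = issue_reset_code(user, now=1000)
    return [
        check_password(user, "old-secret"),                          # unchanged so far
        reset_password(user, "wrong-code", "x", now=1100),           # bad code
        reset_password(user, code, "x", now=1000 + RESET_TTL + 1),   # expired
        reset_password(user, code, "new-secret", now=1100),          # valid
        reset_password(user, code, "again", now=1200),               # reuse refused
        check_password(user, "new-secret"),
    ]
```

Because the database holds only a salted hash of each password and a hash of the pending code, a downloaded copy of it yields neither a usable password nor a usable reset code.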
GlamKitten
Groupie
Joined: 07 May 2002
Location: United Kingdom
Status: Offline
Points: 41
Posted: 05 August 2003 at 4:19am
Thanks for the replies everyone. I can see a little sense in having the encryption now, as thedave says it's mostly just extra security. Personally I don't think I'll bother with it and will change the way the retrieve password works so that people can just be sent their password via email (if they enter either their username or email address). I'm not too worried about someone hacking in and modifying the forum. Perhaps the administrator password should be encrypted, but for general users I think it's nicer to be able to send them their old password instead of generating a new one.
thedave, thanks for the comment about the site, and a double thanks for mentioning Visual Kei as I knew nothing about it and have a growing passion for Japanese culture, which along with my tastes in music seem perfectly suited to Visual Kei which I'm now going to explore.
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 05 August 2003 at 4:42am
Many people don't bother moving or renaming the database which then allows any hacker to simply download the database and get all the passwords.
To prevent this from happening, all passwords are now encrypted. Since this has been introduced, those people who don't move or rename the database have stopped having their forums hacked.
|
 |