Web Wiz Forums - error on EncryptedPasswords

Print Page | Close Window

error on EncryptedPasswords

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=17244
Printed Date: 15 April 2026 at 11:33pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: error on EncryptedPasswords

Posted By: 121261
Subject: error on EncryptedPasswords
Date Posted: 14 November 2005 at 8:01am

Hi there

have just put up my webwiz forum (access) ver 7.9.5

have edited the 2 common files at set

Const blnEncryptedPasswords = False

have changed the admin account to

user:admin pass: admin ( for develop)

but when looking in the sb this is how the fields look like

username:admin

usercode:admin7CFBF933C9

password:admin

adding a new user looks like:

username:Peter

Usercode:peter86F3C8ACA8E38DZ

password:3659D506F3461DABA4BCB5297EBDFD96C39F76A2

salt:5D185

Whats wrong...it looks like editing the common files haven`t got

any effect what so ever....

Best regards Steen

Replies:

Posted By: dj air
Date Posted: 14 November 2005 at 8:35am

check that you disabled the veribles correctly, and uploaded into the correct locations.

also it maybe corrupt try re uploading as it may hold the old files still.

Posted By: 121261
Date Posted: 14 November 2005 at 10:02am

Have cheked that all is set correctly...

I`m working directly on the server as this is on a development stage.

What could be wrong.....

Posted By: dj air
Date Posted: 14 November 2005 at 10:07am

im not to sure then because ive seen the coding used and that verible is the one used.

can i ask why you want to disable the encryption even i a small community?

Posted By: 121261
Date Posted: 14 November 2005 at 10:12am

because I need the forum to integrate with an allready made site with security and password verification....

Posted By: JJLatWebWiz
Date Posted: 14 November 2005 at 11:34am

Make sure you spelled it "False" and not "Flase" as the comments in the common.asp pages specify.

Did you test this in public new member registration and the admin "add new member"?

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.

Posted By: 121261
Date Posted: 14 November 2005 at 1:07pm

the error comes when adding a user from the admin area..

Also....whats the usercode for??

Posted By: dj air
Date Posted: 14 November 2005 at 1:09pm

ok, try adding a user from the main area of the forum, not admin area.

the usercode i only used as a identifier for your account on your computer.

the usercode is saved in a cookie on your system and that is used to get your user account and account privelleges etc.

Posted By: 121261
Date Posted: 14 November 2005 at 1:22pm

ok it works from the user side, but not admin side

Posted By: WebWiz-Bruce
Date Posted: 14 November 2005 at 1:25pm

There is a known problem that you can not disable the password encryption when entering new users from within the admin section.

Really you should keep password encryption enabled for security.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: JJLatWebWiz
Date Posted: 14 November 2005 at 8:38pm

Did you also set the blnEncryptedPasswords to False in the admin/common.asp?

One reason you might want to reconsider your decision to not use encryption is the total lack of concern for security by most users. If given the chance, users will use their most commonly used password for the forum. If they have the ability to set their own network password, they will use the same password for the forum. If their network password is exposed as plain text in a SQL or worse an Access table, the security of your network is easily compromised. If your forum can be touched by the public internet, you might as well just publish a list of network usernames and passwords. Assuming your forum has a magical firewall that blocks hackers from getting to your forum, the plaintext passwords are still accessible to the forum users.

There's just so little pain involved in using the encryption and so much pain involvded with a compromised database that not using encryption is such a serious consideration, that all security experts would try talk you out of it.

-boRg- this makes me think that maybe you should put some code in that will let end-users know that passwords are or are not encrypted. I feel pretty safe using one of my fairly typical passwords on a Web Wiz forum, but I guess I never even considered that there would be admins actually preferring plain text passwords. Now I wonder how many admins have made the change.

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.