Encryption
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=4730
Printed Date: 02 April 2026 at 1:08pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Encryption
Posted By: GlamKitten
Subject: Encryption
Date Posted: 04 August 2003 at 7:51am
|
What's the point in having it? I mean if someone steals the database they have access to everything in it in any place. |
Replies:
Posted By: thedave
Date Posted: 04 August 2003 at 7:53am
|
passwords in the db are encrypted and its impossible to decrypt them, your also supposed to move the db to a location that no one can get a hold of the db and rename it to something that only you would know and not an obviousname, if your on a windows iis server you should be able to move the db in to a private directory not in your root web directory making it impossible for anyone to d/l you db. ------------- ello?! |
Posted By: GlamKitten
Date Posted: 04 August 2003 at 8:09am
|
Ok, so your database is hidden anyway somewhere that nobody can ever find it - what's the point in encrypting the passwords? Seems to me like a hassle because now you can't just send out someones password if they forget it; you have to send them a new password everytime which is a hassle. |
Posted By: thedave
Date Posted: 04 August 2003 at 8:23am
you can edit a persons profile and change there password for them, and yes you would have to notifie them that you have changed there password, i think the encryption is just extra security, better to be safe than sorry  nice site btw, im into japanese rock visual kei styles  ------------- ello?! |
Posted By: michael
Date Posted: 04 August 2003 at 12:16pm
|
I do not think the encryption is pointless, because if someone "hacks" your server he would be able to read your password, login with the administrator password and change your forum etc. Now if he where just to download it he could look at posts etc but it would be only local. Encryption is just one part in making this forum more secure and other things have to be looked as aswell. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: ljamal
Date Posted: 04 August 2003 at 1:17pm
|
If you really want to disable the encrypt all you have to do is have the encrypt function return the value it received.
Personally, I think the password retrieval system should be better and should not change your password at all, but let you reset your password after receiving an email with a generated confirmation code. ------------- L. Jamal Walton http://www.ljamal.com/" rel="nofollow - L. Jamal Inc : Web/ Print Design and ASP Programming |
Posted By: GlamKitten
Date Posted: 05 August 2003 at 4:19am
|
Thanks for the replies everyone. I can see a little sense in having the encryption now, as thedave says it's mostly just extra security. Personally I don't think I'll bother with it and will change the way the retrieve password works so that people can just be sent their password via email (if they enter either their username or email address). I'm not too worried about someone hacking in and modifying the forum. Perhaps the administrator password should be encrypted, but for general users I think it's nicer to be able to send them their old password instead of generating a new one. thedave, thanks for the comment about the site, and a double thanks for mentioning Visual Kei as I knew nothing about it and have a growing passion for Japanese culture, which along with my tastes in music seem perfectly suited to Visual Kei which I'm now going to explore. |
Posted By: WebWiz-Bruce
Date Posted: 05 August 2003 at 4:42am
|
Many people don't bother moving or renaming the database which then allows any hacker to simply download the database and get all the passwords. To prevent this from happening all passwords are now encrypted, since this has been introduced those people who don't move or rename the database have stopped having their forums hacked. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |