FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Failed logins "password" in Action Log
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Failed logins "password" in Action Log [message #27709] Thu, 22 September 2005 15:07 Go to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
Is there anyway to turn off the feature where the forum logs the failed password the user entered? I find it rather "unsecure" to so easilly (For other admins) to access the users passwords.

Example:
I try to loginto this forum as "ernesto" with the password "google".

Sadly, my username is "Ernesto" and not "ernesto" so now the admin here can see my password.



So, my question: Can I turn this off in my own forum in any way?


Re: Failed logins "password" in Action Log [message #27710 is a reply to message #27709] Thu, 22 September 2005 15:31 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
You can only do that by modifying forum code.

FUDforum Core Developer
Re: Failed logins "password" in Action Log [message #27711 is a reply to message #27709] Thu, 22 September 2005 15:34 Go to previous messageGo to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
Don't you agree with me that the default logging of each failed password (no encryption) is a rather unsafe thing? =)

Second question: Where would i have to look if i dont want login names to be case sensitive?

Edit: added a second sentance


[Updated on: Thu, 22 September 2005 15:35]

Report message to a moderator

Re: Failed logins "password" in Action Log [message #27712 is a reply to message #27711] Thu, 22 September 2005 15:43 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
The data is ONLY visible to forum admins, people who already can change the user's password if they so choose to. And even though the forum stores passwords as md5 hashes and admin could always modify the code to log ALL login attempts. Ultimately, if you don't trust your administrator, who do you trust?

You need to edit the SQL schema if your want to change case sensetivity of the logins.


FUDforum Core Developer

[Updated on: Thu, 22 September 2005 15:44]

Report message to a moderator

Re: Failed logins "password" in Action Log [message #27713 is a reply to message #27709] Thu, 22 September 2005 15:47 Go to previous message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
Thanks alot for your fast responses as always Ilia =)

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: decrease font size of forum path
Next Topic: How to add thread manually to DB?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 13:29:27 GMT 2024

Total time taken to generate the page: 0.02322 seconds