FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » forum security question
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: forum security question [message #38997 is a reply to message #38991] Thu, 13 September 2007 10:24 Go to previous messageGo to previous message
venus is currently offline  venus   Russian Federation
Messages: 30
Registered: August 2002
Location: Urals, Russia
Karma:
Member

Ilia писал(а) Чтв, 13 Сентября 2007 00:32

The IP validation is unreliable because some ISPs like AOL change their user's IP all of the time.

we have "enable ip validation" checkbox in config. administrators who has AOL users can disable it. but checkbox value not used by forum now.


Ilia писал(а) Чтв, 13 Сентября 2007 00:32

Storing the password inside the cookie is very dangerous, since the hacker can simply steal it from there.

not password but just one-way encrypted hash like md5 for password change verification. it is safe.

right now anyone who has my cookie can login as admin any time and i can't do anything to prohibit this.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Typo3 Integration
Next Topic: How long will you release new version ?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 12:16:55 GMT 2024

Total time taken to generate the page: 0.04541 seconds