FUDforum: FUDforum Suggestions » forum security question

Home » FUDforum » FUDforum Suggestions » forum security question

Show: Today's Messages :: Polls :: Message Navigator

Re: forum security question [message #38997 is a reply to message #38991]

Thu, 13 September 2007 10:24

venus

Messages: 30
Registered: August 2002
Location: Urals, Russia

Karma:

Member

Ilia ��(�) ��, 13 �� 2007 00:32

The IP validation is unreliable because some ISPs like AOL change their user's IP all of the time.

we have "enable ip validation" checkbox in config. administrators who has AOL users can disable it. but checkbox value not used by forum now.

Ilia ��(�) ��, 13 �� 2007 00:32

Storing the password inside the cookie is very dangerous, since the hacker can simply steal it from there.

not password but just one-way encrypted hash like md5 for password change verification. it is safe.

right now anyone who has my cookie can login as admin any time and i can't do anything to prohibit this.

Report message to a moderator

[Message index]

		forum security question By: venus on Wed, 12 September 2007 03:00
		Re: forum security question By: Ilia on Wed, 12 September 2007 18:32
		Re: forum security question By: venus on Thu, 13 September 2007 10:24
		Re: forum security question By: Ilia on Thu, 13 September 2007 15:25
		Re: forum security question By: venus on Fri, 14 September 2007 15:40
		Re: forum security question By: Ilia on Sun, 16 September 2007 15:19

Previous Topic:	Typo3 Integration
Next Topic:	How long will you release new version ?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 18:28:54 GMT 2024

Total time taken to generate the page: 0.04484 seconds