The Pub Discussion Board
Get your favorite beverage, sit back, and join in the discussion
You are not logged in.
#1 2016-11-04 20:48:50
- Eric Storm
- Pub Owner
- From: New Port Richey, FL
- Registered: 2006-09-12
- Posts: 5747
- Website
Security issue
Hey, folks:
I have had some "indications" that there might have been another breach in site security. I don't have anything to confirm it, just a suspicion.
As such, I would advise that you consider changing your site password. I would also suggest using a password here that you do not use for any important data somewhere else, just in case.
I will also be implementing some behind-the-scenes extra security measures. Those should not impact the user experience in any way.
Sorry for the inconvenience,
Eric Storm
Please Remember: The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone." The US Constitution does not grant you the right to not be offended. If you don't like what someone's saying... IGNORE THEM.
----
Facebook page
Offline
#2 2016-11-08 06:34:42
- Megabyte1949
- Inebriated
- From: Kansas City, Kansas
- Registered: 2008-07-31
- Posts: 23
Re: Security issue
As recommended, done, and thanx.
Ernie
( Artificial Intelligence is no match for Natural Stupidity! )
Offline
#3 2016-11-08 21:32:28
- Freon22
- Wasted
- Registered: 2011-08-17
- Posts: 123
Re: Security issue
Eric Storm wrote:
I will also be implementing some behind-the-scenes extra security measures. Those should not impact the user experience in any way.
Hi Eric
Are you using any type of a hash code on password? I know that hash codes can be hacked backwards but it is better then having pw sitting in the db. I use SHA1 for my C# I think one of the ones that PHP uses is MD5. There are stronger one like sha256 but anything that can be hash can be Unhashed. Just curious but I understand if you don't want to say.
“Nearly all men can stand adversity, but if you want to test a man's character, give him power.”
― Abraham Lincoln
Offline
#4 2016-11-09 02:11:55
- Eric Storm
- Pub Owner
- From: New Port Richey, FL
- Registered: 2006-09-12
- Posts: 5747
- Website
Re: Security issue
The PunBB code is responsible for handling passwords, and yes, they are hashed. I cannot remember if it's MD5 or SHA1 (Not that it matters, as both of them are obsolete...)
The new website version will be much more secure as far as password storage goes, but I still don't know when that will be implemented. I've just been notified of a real problem on the current version of the site that I'm probably going to need to fix (there's a page that no longer functions), and that will slow me down some.
Unrelated, but I'm also getting sick, so that, too, will slow me down. (Not sure what it is... sore throat, coughing, mucous production and very low-grade fever so far, as well as no energy)
In any case, yes, the passwords are hashed, and have been since the site opened.
Eric Storm
Please Remember: The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone." The US Constitution does not grant you the right to not be offended. If you don't like what someone's saying... IGNORE THEM.
----
Facebook page
Offline