Hey, folks:
I have had some "indications" that there might have been another breach in site security. I don't have anything to confirm it, just a suspicion.
As such, I would advise that you consider changing your site password. I would also suggest using a password here that you do not use for any important data somewhere else, just in case.
I will also be implementing some behind-the-scenes extra security measures. Those should not impact the user experience in any way.
Sorry for the inconvenience,
Eric Storm
Offline
As recommended, done, and thanx.
Offline
Eric Storm wrote:
I will also be implementing some behind-the-scenes extra security measures. Those should not impact the user experience in any way.
Hi Eric
Are you using any type of a hash code on passwords? I know that hash codes can be hacked backwards, but it is better than having pw sitting in the db. I use SHA1 for my C#. I think one of the ones that PHP uses is MD5. There are stronger ones like SHA256, but anything that can be hashed can be unhashed. Just curious, but I understand if you don't want to say.
Offline
The PunBB code is responsible for handling passwords, and yes, they are hashed. I cannot remember if it's MD5 or SHA1 (Not that it matters, as both of them are obsolete...)
The new website version will be much more secure as far as password storage goes, but I still don't know when that will be implemented. I've just been notified of a real problem on the current version of the site that I'm probably going to need to fix (there's a page that no longer functions), and that will slow me down some.
Unrelated, but I'm also getting sick, so that, too, will slow me down. (Not sure what it is... sore throat, coughing, mucus production and very low-grade fever so far, as well as no energy)
In any case, yes, the passwords are hashed, and have been since the site opened.
Eric Storm
Offline
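As an added illustration of the thread's topic (not PunBB's code and not code from this site): one way a forum can move from unsalted SHA-1 records to a salted, slow hash is to re-hash each password the next time its owner logs in successfully. The function names, the `pbkdf2$...` record format and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1 hex digest, the kind of record an old forum DB holds.

    Identical passwords always give identical digests, so one precomputed
    lookup table works against every account at once.
    """
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: pbkdf2$<iterations>$<salt>$<digest>."""
    salt = secrets.token_bytes(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a login attempt; return (ok, record to keep in the database).

    A legacy record that verifies is replaced by a PBKDF2 record, so old
    hashes drain out of the database as users log in.
    """
    if stored.startswith("pbkdf2$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy path: constant-time compare, then upgrade only on success.
    if hmac.compare_digest(legacy_sha1(password), stored):
        return True, hash_password(password)
    return False, stored
```

Accounts that never log in again keep their legacy record, so a real migration also needs a cutoff after which remaining old hashes are invalidated and those users go through a password reset.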