The Pub Discussion Board

Get your favorite beverage, sit back, and join in the discussion

You are not logged in.

#1 2016-11-04 20:48:50

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 4043
Website

Security issue

Hey, folks:

I have had some "indications" that there might have been another breach in site security.  I don't have anything to confirm it, just a suspicion.

As such, I would advise that you consider changing your site password.  I would also suggest using a password here that you do not use for any important data somewhere else, just in case.

I will also be implementing some behind-the-scenes extra security measures.  Those should not impact the user experience in any way.

Sorry for the inconvenience,
Eric Storm


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
AMEN! >>> Word Crimes

Offline

 

#2 2016-11-08 06:34:42

Megabyte1949
Inebriated
From: Kansas City, Kansas
Registered: 2008-07-31
Posts: 23

Re: Security issue

As recommended, done, and thanx.


Ernie

( Artificial Intelligence is no match for Natural Stupidity! )

Offline

 

#3 2016-11-08 21:32:28

Freon22
Wasted
Registered: 2011-08-17
Posts: 121

Re: Security issue

Eric Storm wrote:

I will also be implementing some behind-the-scenes extra security measures.  Those should not impact the user experience in any way.

Hi Eric
   Are you using any type of a hash code on password? I know that hash codes can be hacked backwards but it is better then having pw sitting in the db. I use SHA1 for my C# I think one of the ones that PHP uses is MD5. There are stronger one like sha256 but anything that can be hash can be Unhashed.  Just curious but I understand if you don't want to say.


“Nearly all men can stand adversity, but if you want to test a man's character, give him power.”

― Abraham Lincoln

Offline

 

#4 2016-11-09 02:11:55

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 4043
Website

Re: Security issue

The PunBB code is responsible for handling passwords, and yes, they are hashed.  I cannot remember if it's MD5 or SHA1 (Not that it matters, as both of them are obsolete...)

The new website version will be much more secure as far as password storage goes, but I still don't know when that will be implemented.  I've just been notified of a real problem on the current version of the site that I'm probably going to need to fix (there's a page that no longer functions), and that will slow me down some.

Unrelated, but I'm also getting sick, so that, too, will slow me down.  (Not sure what it is... sore throat, coughing, mucous production and very low-grade fever so far, as well as no energy)

In any case, yes, the passwords are hashed, and have been since the site opened.

Eric Storm


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
AMEN! >>> Word Crimes

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson