| Author |
 Topic  |
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
|
mafifi
Junior Member
USA
308 Posts |
|
|
redbrad0
Advanced Member
USA
3725 Posts |
 Posted - 12 November 2001 : 12:49:59
|
mafifi, thats nice, but it does not handle line breaks or anything like that. Also when you submit the code you can still read it, it looks like it just puts the %20 in for spaces. but when you preview code with more than one line, it comes out in on long straight line.
Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive
|
 |
|
|
dayve
Forum Moderator
USA
5820 Posts |
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 13 November 2001 : 00:39:04
|
what cookie/password issue? I wasnt aware that there was one.
----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource |
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 13 November 2001 : 08:28:48
|
There is some concern that since the cookies are stored as plain text, they are unsafe on multi-user machines. For those systems that don't have a unique user logon for each user, I would agree totally agree. Why you WOULDN'T have a unique logon for every person, I don't know. That's just asking for problems.
Dave Maxwell
--------------
Proud to be a "World Class" Knucklehead |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 13 November 2001 : 10:02:49
|
true, i think this could be easily done to upgrade the security of the cookies. how about on post.asp also encrypting the password on it?
<input name="UserName" type="hidden" Value="redbrad0">
<input name="Password" type="hidden" value="*****">
I still dont understand why this is there, couldnt in post_info.asp you check to see if they submited their username and password, if they didnt you try to load it from their cookies, and if that does not work then you tell them they have to register.
Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive
|
|
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 13 November 2001 : 17:41:43
|
well I just tried using this on the snitz mod resource, and failed - incredibly failed. Everything was so screwed up I just put it back.
I'm working on making it work but I dont think this should be put in snitz code at all (yet), at least not until I get it working in a minor sense...
its very simple to decrypt - if someone took the time they could, there is a unique number code for each of the 255 charecters, and it remains the same.
I just started messing with making the number codes random, and I have it working to a degree, once I get that part working totally it would pretty much be un-crackable.
----
-Eric (da_stimulator)
Stims Snitz Test area - Running 3.3.03, 4 beta, Huw's code, and Davio's code
Need a Mod? Check out the Mod Resource |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 13 November 2001 : 22:39:41
|
quote:
There is some concern that since the cookies are stored as plain text, they are unsafe on multi-user machines. For those systems that don't have a unique user logon for each user, I would agree totally agree. Why you WOULDN'T have a unique logon for every person, I don't know. That's just asking for problems.
Dave Maxwell
--------------
Proud to be a "World Class" Knucklehead
with snitz gaining more and more popularity I find it amusing that I can go to any computer lab at various college/universities and just browse through the cookies and sure enough, there are snitz cookies left and right and passwords are for the taking. of course this is on the "shared" accounts that some schools insist on using.
____________
dayve
http://www.nineinchnailz.com/forum |
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 14 November 2001 : 07:27:01
|
quote:
quote:
There is some concern that since the cookies are stored as plain text, they are unsafe on multi-user machines. For those systems that don't have a unique user logon for each user, I would agree totally agree. Why you WOULDN'T have a unique logon for every person, I don't know. That's just asking for problems.
Dave Maxwell
--------------
Proud to be a "World Class" Knucklehead
with snitz gaining more and more popularity I find it amusing that I can go to any computer lab at various college/universities and just browse through the cookies and sure enough, there are snitz cookies left and right and passwords are for the taking. of course this is on the "shared" accounts that some schools insist on using.
____________
dayve
http://www.nineinchnailz.com/forum
Exactly my point. There should NEVER be shared accounts on something like a school system. And for public places like CyberCafe's, I would never save a password anyway, but that's just me....
Dave Maxwell
--------------
Proud to be a "World Class" Knucklehead |
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 14 November 2001 : 09:11:31
|
this is really a problem.
I remember there was a discussion about this before.
one said he would make a encryption mod.
and there's also discussion on session key.
however, nothing seems to be done yet.
so why don't we start to make session key?
now?
|
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
| |
Topic |
|
Topic Locked
