| Author |
 Topic  |
|
|
carpcatcher
Starting Member
4 Posts |
 Posted - 08 February 2005 : 10:28:21
|
Hi, I'm new here and don't know much about ASP-forums
Is there in version 3.4.0.5 a possibillity to show other members where the members are(in a forum) or who is online at the present time???
Thnx
Rob< |
|
|
wii
Free ASP Hosts Moderator
Denmark
2632 Posts |
|
|
carpcatcher
Starting Member
4 Posts |
Posted - 08 February 2005 : 17:54:34
|
Thnx...done it with sweat in my hands, first time it didn't work, second time it did(made a backup )
next Question.... ...Where can i configure the option needed for passwordretrieval when a user forgot it (can't find it anywhere!!!!! )
Thnx
Rob
P.S. my english isn't that good that i can find everything myself< |
 |
|
|
PeeWee.Inc
Senior Member
United Kingdom
1893 Posts |
Posted - 09 February 2005 : 03:58:19
|
| You cant find out what a users password is, ever.< |
De Priofundus Calmo Ad Te Damine |
|
|
|
wii
Free ASP Hosts Moderator
Denmark
2632 Posts |
Posted - 09 February 2005 : 04:05:18
|
| If you enable the email settings, you will see a link at the top called "forgot password?".< |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 23 July 2005 : 16:17:55
|
What do you do on an intranet where not all the users have a network login - thus no NT Authentication - nor do they have any e-mail - making the above not possible?
< |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 23 July 2005 : 18:44:21
|
In that case you should panic... 
No, seriously. The password can NOT be retrieved.
It's encrypted, and stored in the db with an algorithm (Secure Hash Algorithm 256) which is a so called one-way encryption algorithm. E.g. the same input provides the same output, but the output cannot be used to reconstruct the input.
Check WikiPedia for more info on that algorithm.
Regarding your question ; if your users do not have a network login, how are they using the computers ? Are they using no login at all ? Just 'guests' ?
If they're not using any secure login on your network/PC's, why should they be using a password on the forum then ? Just set them all to "welcome" and your done....
It seems a bit strange to me to let users on your network and intranet without any form of identity management, and expect the forum to work around that issue, but that's just me.
Look, security is as strong as its weakest part, and with NO security on the PC's used (e.g. open access to the PC's, with no network login), the cookies used by the forum are accessible to anyone with physical access to those PC's.
Access to the cookie means access to the forum...simple as that.
So, if that's the current state of the environment on your network, why bother with any form of security.< |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 23 July 2005 18:45:03 |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 24 July 2005 : 01:31:24
|
It is a little silly, but that is how our IS department set it up...
As a departamental programmer, I've not been held with the highest reguard by some of thos in IS. I can't even get a copy of Visual Studios to do some of the programming I am asked to do..  ..I'm considered a "security risk" by the security guy in IS. The real kicker is that during a long and drawn out series of meetings, my supervisor and I were basically told that if I was in IS, I would have them - since I'm not, I'm a security risk.
Enough ranting on that...
Some of the departments have a generic login as they only use the system for the online tests. Thus it wouldn't be appropriate to tie those people to one name.
< |
|
|
| |
Topic |
|
Show who is on your forum??
