muzishun
Senior Member
United States
1079 Posts |
Posted - 17 January 2008 : 13:13:33
|
I agree that using a decent password prevents people from cracking it. However, the question is how much you trust *all* your users to have a decent password. This MOD won't prevent someone from brute forcing a login, but if someone gains access to your database, they at least won't be able to brute force your passwords from there. |
Bill Parrott Senior Web Programmer, University of Kansas Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com) Personal Website (www.chimericdream.com) |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 17 January 2008 : 13:13:41
|
Good luck enforcing that. I have a hard enough time explaining to the nurses that come to their computer training why they can't use "A1234567" as a password. (Yes, I really had to return the form and make them fill it out again.... and again a third time before they got the hint.) |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 17 January 2008 : 13:25:38
|
You don't have to trust all your users, just the admins and moderators; knowing a user's password just means you can make posts.
Enforcing a minimum length is easy and a very effective method, since the longer the password, the less likely there is to be a rainbow table for it. |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 18 January 2008 : 04:47:50
|
One of the first things I do with all my forums is enforce a minimum length on passwords as well as add a check for the password being the same as the username.
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.” |
|
|
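Added example, not part of the thread and not the MOD's code: the signup checks discussed above (minimum length, password equal to username) next to a site-wide salt kept outside the database, audited against a small precomputed table of unsalted hashes. SHA-256, the 8-character minimum, the salt value, the user list and every function name are assumptions constructed for illustration.

```python
import hashlib

MIN_LENGTH = 8                                 # assumed minimum; the thread names no number
SITE_SALT = b"constructed-example-salt"        # assumed value, stored outside the database
COMMON = ["A1234567", "password", "12345678"]  # constructed input for the precomputed table
USERS = {"nurse1": "A1234567", "bob": "bob",
         "carol": "weasels on my front door"}  # constructed accounts

def password_problems(username, password, min_length=MIN_LENGTH):
    """Return the policy checks this password fails (empty list means accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.strip().lower() == username.strip().lower():
        problems.append("same as username")
    return problems

def hash_password(password, site_salt=b""):
    """SHA-256 over salt + password; the empty default models the unsalted scheme."""
    return hashlib.sha256(site_salt + password.encode("utf-8")).hexdigest()

def build_lookup_table(candidates):
    """Map unsalted hash -> password, a tiny stand-in for a rainbow table."""
    return {hash_password(p): p for p in candidates}

def audit_stored_hashes(stored, table):
    """Return the users whose stored hash is reversed by a plain table lookup."""
    return sorted(user for user, digest in stored.items() if digest in table)

def demo():
    table = build_lookup_table(COMMON)
    unsalted = {u: hash_password(p) for u, p in USERS.items()}
    salted = {u: hash_password(p, SITE_SALT) for u, p in USERS.items()}
    rejected = {u: password_problems(u, p) for u, p in USERS.items()
                if password_problems(u, p)}
    return {
        "rejected_at_signup": rejected,
        "unsalted_hits": audit_stored_hashes(unsalted, table),
        "salted_hits": audit_stored_hashes(salted, table),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

"A1234567" passes both signup checks yet is the one account the unsalted lookup recovers, which is the gap the salt closes.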
muzishun
Senior Member
United States
1079 Posts |
Posted - 18 January 2008 : 09:15:12
|
Hmmm... I like those ideas. I smell another miniMOD coming on... |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 18 January 2008 : 09:45:41
|
I remember writing something for StephenD a couple of years back for enhancing password security (just a series of checks like the ones above); you should be able to dig it up with a search if you want it.
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 18 January 2008 : 10:01:56
|
If I find them, would you mind terribly if I tweaked (if necessary) them and packaged them up to put on SnitzBitz? |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 18 January 2008 : 10:11:33
|
Not at all, that's why I told you about it. If you can't find it, let me know and I'll have a look for it.
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 21 January 2008 : 11:42:14
|
quote: Originally posted by Shaggy I remember writing something for StephenD a couple of years back for enhancing password security...
This is it. Over 3 years ago now so line numbers, etc. are probably way off.
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 21 January 2008 : 11:50:02
|
Thanks, Shaggy. I have the day off from work today, so I'll probably tackle that at some point in between cleaning my apartment and watching TV. |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 21 January 2008 : 12:51:22
|
Why not code while watching TV? I picked up this nifty laptop desk and it's made it so much easier to kick back on the couch, watch a movie, and work on whatever. |
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 21 January 2008 : 13:00:34
|
Hmm.... I could go for that. It's a little pricey for me right now, but I'll add it to "The List". Thanks for the tip. Till then, I'll stick with coding at the coffee table in my living room. |
|
|
leesh695
Junior Member
101 Posts |
Posted - 04 March 2008 : 20:24:11
|
Not sure if I am doing something totally wrong here, but in the pw_salt_setup.asp, it has this line.
Set f = fs.CreateTextFile("d:\websites\chimericdreamcom\test\snitz\inc_pwsalt.asp",true)
I assumed that was the path to your test forum.
I tried to change it to just inc_pwsalt.asp and I got this error.
Microsoft VBScript runtime error '800a0046'
Permission denied
/forum/forum/uploaded/pw_salt_setup.asp, line 5
Not sure why I'm getting it though, because I put it in the file which my file attachment mod can make files in all the time. |
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 04 March 2008 : 21:45:36
|
Oh wow. I can't believe I didn't catch that before. You need to put in the full physical path to your forum directory. For example, if your forum is in the wwwroot directory that many Windows machines use, you'll likely need something like this:
c:\inetpub\wwwroot\yoursite\forum\inc_pwsalt.asp
If you aren't sure what the physical path to your forum directory is, you can use the whereami.asp tool in tools.zip (in the base install of Snitz) or email your host. |
Edited by - muzishun on 04 March 2008 21:45:52 |
|
|
leesh695
Junior Member
101 Posts |
Posted - 04 March 2008 : 23:28:14
|
Thanks,
I used the whereami.asp and it worked fine. |
|
|