Show who is on your forum??
Snitz™ Forums 2000https://forum.snitz.com/forumTopic/Posts/57003?pagenum=1
05 November 2025, 03:49
Topic
Replies ...
carpcatcher
08 February 2005, 17:54
08 February 2005, 17:54
Thnx...done it with sweat in my hands, first time it didn't work, second time it did(made a backup
)
next Question....
...Where can i configure the option needed for passwordretrieval when a user forgot it (can't find it anywhere!!!!!
)
Thnx
Rob
P.S. my english isn't that good that i can find everything myself<
)next Question....
...Where can i configure the option needed for passwordretrieval when a user forgot it (can't find it anywhere!!!!!)Thnx
Rob
P.S. my english isn't that good that i can find everything myself<
MarcelG
23 July 2005, 18:44
23 July 2005, 18:44
In that case you should panic... 
No, seriously. The password can NOT be retrieved. It's encrypted, and stored in the db with an algorithm (Secure Hash Algorithm 256) which is a so called one-way encryption algorithm. E.g. the same input provides the same output, but the output cannot be used to reconstruct the input. Check WikiPedia for more info on that algorithm.
Regarding your question ; if your users do not have a network login, how are they using the computers ? Are they using no login at all ? Just 'guests' ? If they're not using any secure login on your network/PC's, why should they be using a password on the forum then ? Just set them all to "welcome" and your done.... It seems a bit strange to me to let users on your network and intranet without any form of identity management, and expect the forum to work around that issue, but that's just me.
Look, security is as strong as its weakest part, and with NO security on the PC's used (e.g. open access to the PC's, with no network login), the cookies used by the forum are accessible to anyone with physical access to those PC's. Access to the cookie means access to the forum...simple as that. So, if that's the current state of the environment on your network, why bother with any form of security.<
No, seriously. The password can NOT be retrieved. It's encrypted, and stored in the db with an algorithm (Secure Hash Algorithm 256) which is a so called one-way encryption algorithm. E.g. the same input provides the same output, but the output cannot be used to reconstruct the input. Check WikiPedia for more info on that algorithm.
Regarding your question ; if your users do not have a network login, how are they using the computers ? Are they using no login at all ? Just 'guests' ? If they're not using any secure login on your network/PC's, why should they be using a password on the forum then ? Just set them all to "welcome" and your done.... It seems a bit strange to me to let users on your network and intranet without any form of identity management, and expect the forum to work around that issue, but that's just me.
Look, security is as strong as its weakest part, and with NO security on the PC's used (e.g. open access to the PC's, with no network login), the cookies used by the forum are accessible to anyone with physical access to those PC's. Access to the cookie means access to the forum...simple as that. So, if that's the current state of the environment on your network, why bother with any form of security.<
AnonJr
24 July 2005, 01:31
24 July 2005, 01:31
It is a little silly, but that is how our IS department set it up...
As a departamental programmer, I've not been held with the highest reguard by some of thos in IS. I can't even get a copy of Visual Studios to do some of the programming I am asked to do..
..I'm considered a "security risk" by the security guy in IS. The real kicker is that during a long and drawn out series of meetings, my supervisor and I were basically told that if I was in IS, I would have them - since I'm not, I'm a security risk.
Enough ranting on that...
Some of the departments have a generic login as they only use the system for the online tests. Thus it wouldn't be appropriate to tie those people to one name.
<
As a departamental programmer, I've not been held with the highest reguard by some of thos in IS. I can't even get a copy of Visual Studios to do some of the programming I am asked to do..
..I'm considered a "security risk" by the security guy in IS. The real kicker is that during a long and drawn out series of meetings, my supervisor and I were basically told that if I was in IS, I would have them - since I'm not, I'm a security risk.
Enough ranting on that...
Some of the departments have a generic login as they only use the system for the online tests. Thus it wouldn't be appropriate to tie those people to one name.
<