
Thread: Is loveforum login really secure?

  1. #1
    anachronistic Guest

    Is loveforum login really secure?

    <form action="http://www.loveforum.net/login.php?do=login" method="post" onSubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">

    I never really bothered to look until just now. How come SSL isn't being used? Or HTTPS? Is md5hash really secure?


  2. #2
    Join Date
    Feb 2006
    Gender
    Female
    Location
    Seattle
    Posts
    16,935
    No idea. I just do stuff on the front end, not the back end.
    Spammer Spanker

  3. #3
    anachronistic Guest
    Completely understandable, I am expecting an answer from loveadmin, because I doubt any moderators deal with server-end applications.

    Also expecting some debate from technical users who know a bit about that.

    My understanding is that MD5 is quite insecure, and I am just suggesting that SSL/HTTPS be used instead.

  4. #4
    IndiReloaded is offline Yawning
    "Hot Love Pancake(s)"
    Join Date
    Jul 2007
    Gender
    Female
    Posts
    15,081
    Not a direct answer, but a caution for the unwary:

    Nothing you commit to the internet should be considered secure. Emails can be read by system admins, IP addresses can be traced (sometimes), that sort of thing. There are ways to check who's looking (we look periodically to see who has pinged our computers) & it's sometimes interesting to see what you find.

    It's that old saying: if you don't want to be held accountable for saying it, don't say it.
    Second thoughts can generally be amended with judicious action; injudicious actions can seldom be recovered with second thoughts.
    --Cyteen by C.J.Cherryh

  5. #5
    anachronistic Guest
    Words of wisdom from Indi; of course precautions should be taken into consideration. But what I am getting at is even more important; the user login of the forum uses an algorithm of cryptography, called MD5, which is known for its simple vulnerabilities. Its hashes are easily decoded, because they are very simply encrypted. What does this mean? Well, someone that knows what they are doing could phish a page to you, because it is not HTTPS, and get your username and password. They could also retrieve the hash of the username/password and decrypt it, and have access to your account here (and possibly other websites, and more personal information if you use the same password for everything)

    As I recall, this has happened already with one account (Dono) and vulnerability remains open.

    I am just looking out for this community by examining the issue. Time and time again in my experience as a server specialist and web designer, my opinion is that users tend to use the same username/password for everything. I am informing the public about this, and hopefully they will make any necessary changes, to ensure their security, but it is not guaranteed.

    I also think it is the duty of administrative staff, even moderators on forums, to do everything they can, within reasonable boundaries, to eliminate any such problems. Why? Well, that is how the successful websites do it. The mindset of "Pfft, well that's just how the Internet is," is somewhat hindering, because it is, in a way, avoiding a problem. Sure, that's how the Internet is now, but it is not adamant. It can be changed, for the better, or for the worse. I am here to make it for the better, as I see it. Don't you want that? Don't you care?

    And from a philosophical point, nothing in this world is secure. Nothing is symmetrical. So this lesson can be applied to actual life, too. I am actually writing about that in my free time. A life of independence is a perfect one.

    Oh, and I want to be recognized for the things I say. Even on here. I take full credit for all of it, but unfortunately, some sneaky bastard will probably take that away from me. Oh well. Hopefully what I said was so cleverly toned and original, that nobody could ever imitate it and call it their own. HA!
    Last edited by anachronistic; 28-05-08 at 07:57 AM.

  6. #6
    Join Date
    Apr 2004
    Gender
    Male
    Posts
    4,677
    I don't think anyone really cares to be honest.
    Live together. Die alone - http://www.youtube.com/watch?v=lvi_RCM3FAM

  7. #7
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    2,088
    Sorry for the late answer. Just to assure everyone that the login is secure.
    "Invest wisely and have money work hard for you"

  8. #8
    Illusional is offline different state of mind
    "Hot Love Pancake(s)"
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    16,389
    yup, i don't really care. that's why i have a million and one passwords.. i have to write everything down to keep track of them. of course i lock them in my safe that has the same combination as my birthday so that i will never forget it. i'm all good.

    raverboy
    ...this is just my perspective on the situation...

  9. #9
    Join Date
    Dec 2007
    Gender
    Female
    Posts
    2,236
    Quote Originally Posted by Illusional View Post
    yup, i don't really care. that's why i have a million and one passwords.. i have to write everything down to keep track of them. of course i lock them in my safe that has the same combination as my birthday so that i will never forget it. i'm all good.

    raverboy
    lol. Your SO, family, or friends can break into your home and get it.

  10. #10
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    2,088
    Quote Originally Posted by Illusional View Post
    yup, i don't really care. that's why i have a million and one passwords.. i have to write everything down to keep track of them. of course i lock them in my safe that has the same combination as my birthday so that i will never forget it. i'm all good.

    raverboy
    Just wonder is rboy drunk while writing this?
    "Invest wisely and have money work hard for you"

  11. #11
    Illusional is offline different state of mind
    "Hot Love Pancake(s)"
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    16,389
    i probably was drunk when i wrote that. or at least i thought i was.

    raverboy
    ...this is just my perspective on the situation...

  12. #12
    anachronistic Guest
    I never pictured raverboy as such a paranoid. Tell me, raverboy, do you insert your butt plug every day to keep yourself on your toes?

    Anyway, I actually just used md5 to encrypt a user database on a website I am designing; first I encrypt it with md5, and then it is encrypted again with the MySQL encryption. And then the login uses SSL for maximum security.

  13. #13
    Illusional is offline different state of mind
    "Hot Love Pancake(s)"
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    16,389
    Quote Originally Posted by lilwing View Post
    I never pictured raverboy as such a paranoid. Tell me, raverboy, do you insert your butt plug every day to keep yourself on your toes?

    Anyway, I actually just used md5 to encrypt a user database on a website I am designing; first I encrypt it with md5, and then it is encrypted again with the MySQL encryption. And then the login uses SSL for maximum security.
    paranoid?? i only keep my butt plug in because i'm worried that gay people like you want to stick your thing up my ass.

    raverboy
    ...this is just my perspective on the situation...

  14. #14
    Join Date
    Jul 2005
    Gender
    Male
    Location
    Colorado
    Posts
    2,510
    MD5 is definitely secure, but you still have to use a somewhat complex password. If you use the word apple, for example, it wouldn't be that hard to figure out even with md5. But there is one thing to always keep in mind, on any site ask yourself, is someone really going to spend that much time and that much computing power to try and access your account on said site. I can bet nobody is going to put in such effort to get your loveforum pass.
    "Oh Lord it's hard to be humble, when you're perfect in every way. I can't wait to look in the mirror, cause I get better looking each day. To know me is to love me, I must be a hell of a man. Oh Lord it's hard to be humble, but I'm doing the best that I can." Mac Davis
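
Added example, not part of any post in this thread and not the forum's own code: a credential-store audit that flags unsalted MD5 digests matching a wordlist (the "apple" case from post #14), next to a salted PBKDF2 record for comparison. The wordlist, function names and iteration count are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real audit would use a much larger one.
WORDLIST = ["password", "letmein", "apple", "qwerty", "dragon"]

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the kind of value the login form computes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def audit_unsalted_md5(stored: dict, wordlist=WORDLIST) -> dict:
    """Return {user: word} for accounts whose digest matches a wordlist entry.

    Unsalted digests are deterministic, so one precomputed table checks
    every account at once.
    """
    lookup = {md5_hex(word): word for word in wordlist}
    return {user: lookup[d] for user, d in stored.items() if d in lookup}


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS):
    """Create a storage record: per-user random salt plus a slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return salt, iterations, derived


def verify_password(password: str, record) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    # Constructed accounts: one dictionary word, one long random password.
    store = {"alice": md5_hex("apple"), "bob": md5_hex("Vq7#tPz!93kLm")}
    print("weak unsalted MD5 entries:", audit_unsalted_md5(store))
```

Neither scheme protects the value while it crosses the network; that is the job of HTTPS, which the first post asks about.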

  15. #15
    Join Date
    Sep 2001
    Gender
    Male
    Posts
    2,088
    Quote Originally Posted by TAVS View Post
    MD5 is definitely secure, but you still have to use a somewhat complex password. If you use the word apple, for example, it wouldn't be that hard to figure out even with md5. But there is one thing to always keep in mind, on any site ask yourself, is someone really going to spend that much time and that much computing power to try and access your account on said site. I can bet nobody is going to put in such effort to get your loveforum pass
    TAVS! long time never see you here.

    Our server is going to move to Denver, Colorado very soon. I bet you will get a good ping from your home next week onward.
    "Invest wisely and have money work hard for you"
