May 17 - 05:28:04 |
|
Post Reply | Post new topic | Page: [ <<< - < ] 1 2 3 4  |
System Wide Password Change. | Started by: Squishy on Sep 04, '09 13:41 |
Email accounts have to be unencrypted, otherwise you wouldn't be able to reset your password if you forget it. I doubt any site encrypts them. Unless, of course, it's a two-way encryption, in which case those with access to the source code could simply decrypt it when and as they please; the decryption is simply to prevent those who catch the information as it is sent from the script (at least I think so; I know nothing about how hacks work). If the problem is with admin access to the details, then the issue is of whether or not the details are permanently encrypted. Which, we are told, is now the case with passwords. |
|
Reply by: Awesome at Sep 06, '09 18:24 | |
Report Post | Tip |
Ah well if stjimmy meant no harm to you then I guess we're all overreacting here then JamesTiberiusKirk.
|
|
Reply by: Noah-Levenstein at Sep 06, '09 18:43 | |
Report Post | Tip |
Right, because "overreacting" was exactly what I meant there pal. Kudos to you for twisting my words, though. |
|
Reply by: JamesTiberiusKirk at Sep 06, '09 19:07 | |
Report Post | Tip |
Yeah but 'I am on my own side'? sounds like you watch quite a lot of movies, or want to cast yourself as the hero in one. |
|
Reply by: Bateman at Sep 06, '09 19:38 | |
Report Post | Tip |
You missed the point Awesome. I would hate to imagine a screen that can be accessed by admins that showed the username, characters name, IRC nick, password and email account all together. Downloading all of that info which is a simple copy and paste into notepad could be detrimental to alot of peoples email security. |
|
Reply by: El_Nino at Sep 07, '09 03:04 | |
Report Post | Tip |
Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/ |
|
Reply by: Noah-Levenstein at Sep 07, '09 04:24 | |
Report Post | Tip |
El_Nino, grouping the username, email, and (one-way encrypted) password in one table is a very efficient means of account control. I would say that every single website to which users can register will have this set-up. And some would even add to this addresses, birth-dates, and phone numbers (and if not included in the same table, would be contained in a different table with rows that relate to the ID/Username of the other). If you don't trust those with access to the database, then you shouldn't sign up to any website. What really needs to be asked is "which administrators do you trust with your personal information"? All the developers and coders (Mario, Squishy, FullMetal, and Anubis) would have to have access to develop and code. And according to the Directory page, so too does Ganelon. Do you trust these people? If so, do you trust the Assistants less? If you don't trust them then it would be best to leave. And ask for your personal details to be removed. I'm sure they would obliged to do so. And the same with every other website. |
|
Reply by: Awesome at Sep 07, '09 06:21 | |
Report Post | Tip |
Awesome, Nino referred to a "screen" displaying all that information in one place (presumably he was referring to assistants, not coders). That is very different from a database table, where obviously related information is stored in the same place. Regarding trust. I would trust the position of developer/coder with this information (presuming encrypted passwords), but assistants are something else entirely and, in my opinion, shouldn't have access to any sensitive information (I include any chief assistant in that). |
|
Reply by: BoabyWanKenobi at Sep 07, '09 07:47 | |
Report Post | Tip |
Note, I'm not saying there's anything wrong with the MR assistants, the ones I know are more than trustworthy, I'm talking merely about role semantics. |
|
Reply by: BoabyWanKenobi at Sep 07, '09 08:09 | |
Report Post | Tip |
Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/ Reply by: Noah-Levenstein at Sep 07, '09 04:24 I would like to take a moment to clarify, everything IS hunky dory on Mr. Kirk's end. Rawr. |
|
Reply by: Schism at Sep 07, '09 08:34 | |
Report Post | Tip |
thanks. password changed |
|
Reply by: jamesybelfast26 at Sep 07, '09 13:13 | |
Report Post | Tip |
El_Nino, grouping the username, email, and (one-way encrypted) password in one table is a very efficient means of account control. I would say that every single website to which users can register will have this set-up. And some would even add to this addresses, birth-dates, and phone numbers (and if not included in the same table, would be contained in a different table with rows that relate to the ID/Username of the other). First line bracketed words. one-way encrypted. If the password is encrypted and in one table with my email address I dont really care all that much, however if its on a page with an unencrypted password its an entirely different issue. I'm sure you would agree with that. |
|
Reply by: El_Nino at Sep 07, '09 14:29 | |
Report Post | Tip |
Not really for me. The password I use for really important stuff -- email and laptop, for example -- is different to the 3 I use for websites. I trust the Hotmail staff not to use my password for the simple reason that they wouldn't need to; and the same with the MR staff with my MR password. Yes, I use the same password for a few other sites, but there's no way they could know which ones and what username I'd use. Not that it would matter, because they're not sites that would cause me harm if they were hacked into. |
|
Reply by: Awesome at Sep 07, '09 15:22 | |
Report Post | Tip |
you can change it back to your old password, no? |
|
Reply by: OJ-DA-JUICEMAN--FDP at Sep 07, '09 21:37 | |
Report Post | Tip |
You could when changing it twice however thats not advisable since the person who got unauthorized access could see everyones password.... so changing it back to your old would not solve the problem. So choose a new password. |
|
Reply by: ScipitaRourke at Sep 07, '09 21:44 | |
Report Post | Tip |
With respect, whether it's an issue for you personally doesn't alter the fact it's a security issue. |
|
Reply by: BoabyWanKenobi at Sep 08, '09 02:14 | |
Report Post | Tip |
That is true, yes. I misunderstood El_Nino's question, and thought he was asking if it was a specific problem for me, personally. |
|
Reply by: Awesome at Sep 08, '09 03:22 | |
Report Post | Tip |
Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/ Reply by: Noah-Levenstein at Sep 07, '09 04:24 I would like to take a moment to clarify, everything IS hunky dory on Mr. Kirk's end. Rawr. Thanks :-) Everything sure is fine |
|
Reply by: JamesTiberiusKirk at Sep 08, '09 10:41 | |
Report Post | Tip |
and if i did register yesterday im not in danger? =) |
|
Reply by: Calleux at Sep 08, '09 21:13 | |
Report Post | Tip |
Yeah Calleux, it won't affect your account. So you're safe, safe as houses. |
|
Reply by: Iota at Sep 08, '09 21:59 | |
Report Post | Tip |
Post Reply | View All Threads | Page: [ <<< - < ] 1 2 3 4  |
Minimum $20,000