Wtf!!!!
-
Arcsalin
- Emerald Rider
- Posts: 919
- Joined: Mon Feb 07, 2005 12:00 pm
- Location: Somewhere in Liverpool
I heard Xest has ADHD, thus he will not be sitting but doing something else
Mid Excalibur
Hib Pryd
Alb Stonehenge (I was there before teh cluster and gimps going from excal pryd cluster due to QQ - Noobs! )
Alb Camlann
.........far too many 50's to mention and no bb - hardcore gaming for a hardcore peep
Hib Pryd
Alb Stonehenge (I was there before teh cluster and gimps going from excal pryd cluster due to QQ - Noobs!
)Alb Camlann
.........far too many 50's to mention and no bb - hardcore gaming for a hardcore peep
Passwords would be pretty hard actually. I am pretty sure they aren't stored in the database (a hash function of them is) ... it would require modifying the login page so that the password is stored somewhere. Also, it wouldn't work for people who stay online with cookies as the password can only be captured during the login page (but I guess we could 'accidently' reset the cookiesXest wrote:Of course we can but we don't and that's the difference.
We could send all your e-mail addresses to the mafia for spamming purposes as well as grab any passwords used for accounts here if for some reason we really felt the need
).Right that is what admin means ... the ability to change/read everything. If the server can read info, then so can an admin (but it can require effort as there isn't a nice page on the forum that shows PMs etc.) and the server obviously knows about all the PMs.but again we do not and will not do these things. Apart from the fact it'd require effort, which is something that is lacking from just about every mod/admin on this board there's also little point.
On this note, it's worth noting that just about all online services could do this, GOA could in fact also read all your private chats in DAoC if they really wanted to also. If you're really that paranoid perhaps using the net is something worth avoiding altogether.
The admins on all vbulletin forums can read PMs if they are willing to manually check the database (admins only that is ... it is unlikely that mods would be given the ability as the admins would have to manually code a view page or give them access to the database).
In any case, I guess it comes down to a combination of how much you trust us to be lazy/honest enough not to look
.Prydwen
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
Does the forum email forgotten passwords rather than changes them? (I know forums that do it both ways...)Lairiodd wrote:Passwords would be pretty hard actually. I am pretty sure they aren't stored in the database (a hash function of them is) ... it would require modifying the login page so that the password is stored somewhere. Also, it wouldn't work for people who stay online with cookies as the password can only be captured during the login page (but I guess we could 'accidently' reset the cookies
In which case change the email address of the user, request password, change email address back.
Hmm, good question, I just checked. It sends you a link that you click to reset your password ... which makes sense .
I guess there is a setting to set it to store the passwords themselves.
However, that is a bad idea as it means that people cannot use the same password for many different sites.
.I guess there is a setting to set it to store the passwords themselves.
However, that is a bad idea as it means that people cannot use the same password for many different sites.
Prydwen
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
You could just modify the PHP pages such that the page served to the client just submits a plaintext password if you really wanted to do it. It's not something you could do stealthily though as with a bit of basic investigation people could see that their password was being sent and hence likely also stored as plaintext. Cookies are returned by the browser to the server each time the user accesses the page, this also will contain the password, I doubt this is sent plaintext either though.
You can download an HTTP sniffer program and have a look at what is actually being sent back and forth, can be quite an interesting thing to do with various sites so as to judge how safe your data actually is.
Of course if you're really paranoid you could setup public/private key encryption with a friend and only send encrypted messages via PMs and have the other person decrypt them with the correct key at the other end, then all that would be sent via the servers would be the encrypted text
You can download an HTTP sniffer program and have a look at what is actually being sent back and forth, can be quite an interesting thing to do with various sites so as to judge how safe your data actually is.
Of course if you're really paranoid you could setup public/private key encryption with a friend and only send encrypted messages via PMs and have the other person decrypt them with the correct key at the other end, then all that would be sent via the servers would be the encrypted text
OFFICER XEST - PROTECTING YOU AGAINST FORUM CRIME
Che Xefan, el presidente.
Che Xefan, el presidente.
Shh ... don't tell them ... what are we to do for entertainment in the admin forumXest wrote: Of course if you're really paranoid you could setup public/private key encryption with a friend and only send encrypted messages via PMs
.Prydwen
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
Lairiodd Level 50 Nightshade and Legendary Grandmaster Smith (1065) check prices here
Lairirian Level 50 Mana Mentalist and Legendary Spellcrafter (TDD)
Lairgreybark Level 50 Arb Animist
Lairmindlock Level 50 Bard (TDD)
Camlann
Lairthall Level 35+ Friar
Stocking one 99% of most of the useful spellcrafting gems at Houses 3304 and 3306
Over 150 gems at 99% stocked
