Author | Post | |||
moose |
I didn't want to allege that the tbs-admins have dishonest motives! I'm just getting a bad feeling when I register on a site and they send me an authentication mail with my pw in plain text. The negative statement wasn't meant negatively .... I just didn't know how to write it, and I wanted to remind Erik that he has to filter ' and " if he makes md5 as js - although I'm quite sure he had thought of it. (My thought was that you don't have to filter the user's input if you make an md5 hash with php, because md5 is always hexadecimal.) |
|||
30.09.2007 14:04:45 |
|
|||
quangntenemy |
Hmm, hashing at the client really isn't that good. You'll have to hash once more at the server and recalculate the existing hash. Or the sniffer can log in without going through the pain of password cracking. |
|||
30.09.2007 14:42:53 |
|
|||
alt3rn4tiv3 |
Obtaining a password has other far-reaching consequences than just the ability to steal the identity of a person on just one site. I think we've already discussed that somewhere else. |
|||
30.09.2007 15:00:13 |
|
|||
unknown user |
Quote from quangntenemy: Hmm hashing at client really isn't that good. You'll have to hash once more at server and recalculate the existed hash. Or the sniffer can log in without going through the pain of password cracking.
Not only the server. Well, to clarify, what you would have to do to achieve what you want is a challenge mechanism: the server adds an extra field to the logon form:
<input type=text name=password>
<input type=hidden name=challenge value=[some large random value] />
<input type=submit onclick=hash()>
with hash() return md5("$password"."$challenge")
The server makes the same calculation.
That way, when somebody intercepts a login sequence and they cannot reverse the hash, they can only replay the hash if they happen to get the same random value in the hidden parameter. Which shouldn't happen ... |
|||
30.09.2007 15:11:52 |
|
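The challenge mechanism from the post above, as an added example (not code from the thread). It uses Node.js's crypto module; the function names and the sample account are assumptions. It goes one step past the post by making each challenge single-use and short-lived, so a captured response cannot be replayed.

```javascript
// Added illustration; issueChallenge, clientResponse and verifyLogin are hypothetical names.
const crypto = require("crypto");

// MD5 is used only because it is the hash the thread discusses.
const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Constructed sample account. The server has to hold the same secret the
// client hashes, so this store is itself password-equivalent.
const users = new Map([["moose", "correct horse"]]);
const pending = new Map(); // challenge -> expiry timestamp (ms)
const TTL_MS = 60_000;

// Server: the "large random value" placed in the hidden form field.
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(16).toString("hex");
  pending.set(challenge, now + TTL_MS);
  return challenge;
}

// Client: what hash() in the form computes before submitting.
function clientResponse(password, challenge) {
  return md5(password + challenge);
}

// Server: accept a response only for a challenge it issued, once, before expiry.
function verifyLogin(user, challenge, response, now = Date.now()) {
  const expiry = pending.get(challenge);
  pending.delete(challenge); // single use: a replayed capture finds nothing
  if (expiry === undefined || now > expiry) return false;
  const secret = users.get(user);
  if (secret === undefined) return false;
  const expected = Buffer.from(md5(secret + challenge), "hex");
  const got = Buffer.from(String(response), "hex");
  // Constant-time comparison; the length check also rejects malformed hex.
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}
```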
|||
Erik |
Hi, now the login buttons work on hitting return. Further I fixed the too wide textarea issue. Cu, Erik |
|||
30.09.2007 22:11:09 |
|
|||
unknown user |
Quote from Erik: Hi, now the login buttons work on hitting return.
Nifty, I see other small changes appear, coolios. One thing though: the hover color of the buttons is a bit too pink for me; a bit more orangie would probably fit in better with the rest of the tbs color scheme ... Not that I know that much about colors, or have good taste... so perhaps you should ignore this ... |
|||
30.09.2007 23:39:49 |
|
|||
quangntenemy |
Maybe you should make the blue-ish button background a bit lighter, it's very close to the foreground atm. Also you should change the title for the bright shadows banner too, it's outdated |
|||
02.10.2007 02:26:12 |
|