No. 19571 - This probably should be fixed

01_1312067684.jpg
130.6 KB, 1280x720

Blue - Saturday, July 30th, 2011 - 4:14 PM

Just noticed that our passwords are stored in our cookies, unencrypted. You might want to do something about that, just in case the site gets compromised or something. Obviously, encrypting them doesn't do too much, but it at least protects us from hackers that can't be assed to generate/download 500+ GB rainbow tables.

Pic not related, etc.

No. 19572 - Prelucid ##Admin## - July 30th, 2011 - 5:08 PM

I suppose we could take it one step further in the next iteration of Bastion and change that up. We should also be destroying the cookies on logout for people on public computers, now that I think about it.

Right now, it's only unencrypted client-side in the cookies, so unless someone installs a virus designed to grab it from your computer, they won't find it on our database without backwards engineering scrambled values, or hijacking the whole site and injecting script to grab it from anyone who logs in.

We don't store the actual password here at least or really anything else of value, but I agree that the above case is an avoidable scenario. Hopefully you guys don't use the same e-mail/passwords as you do on other sites. I recommend you change it now, if you do.

No. 19575 - Blue - August 2nd, 2011 - 4:18 PM

I should be fine without changing it, since I use a different handle in other places. Also, I noticed that we can't change our e-mail addresses either.
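Added example, not code from this site or anyone in the thread: a minimal Python sketch of the two fixes discussed above. The weak pattern sends the password in the cookie; the corrected pattern keeps only a salted password hash server-side, hands the browser a random opaque session token with HttpOnly/Secure/SameSite set, and destroys the server-side session on logout. The in-memory stores and the user "blue" are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}         # constructed in-memory store: opaque token -> username
PASSWORD_HASHES = {}  # constructed in-memory store: username -> (salt, digest)

def register(username, password):
    """Store a salted PBKDF2 hash; the password itself is never kept."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    PASSWORD_HASHES[username] = (salt, digest)

def check_password(username, password):
    if username not in PASSWORD_HASHES:
        return False
    salt, digest = PASSWORD_HASHES[username]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def weak_login_cookie(username, password):
    """The pattern the thread complains about: the password rides in the cookie."""
    return f"user={username}; pass={password}"

def login(username, password):
    """Return a Set-Cookie value carrying only a random session token, or None."""
    if not check_password(username, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    c = SimpleCookie()
    c["session"] = token
    c["session"]["httponly"] = True   # not readable by page scripts
    c["session"]["secure"] = True     # only sent over HTTPS
    c["session"]["samesite"] = "Lax"
    c["session"]["path"] = "/"
    return c.output(header="").strip()

def current_user(cookie_header):
    """Resolve the browser's Cookie header to a username via the server-side store."""
    c = SimpleCookie()
    c.load(cookie_header)
    morsel = c.get("session")
    return SESSIONS.get(morsel.value) if morsel else None

def logout(cookie_header):
    """Destroy the server-side session and tell the browser to expire the cookie."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "session" in c:
        SESSIONS.pop(c["session"].value, None)
    expired = SimpleCookie()
    expired["session"] = ""
    expired["session"]["max-age"] = 0
    expired["session"]["path"] = "/"
    return expired.output(header="").strip()
```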
