Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC:

complete insecure forum/server 10 years 7 months ago #2831

This server/forum is insecure,
it saves all passwords unencrypted and sends them over normal email to the user. Please stop sending unencrypted passwords over network connections. This is a security nightmare. Start to encrypt the passwords at least with SHA-3 or comparable with a salt.
Thank you for reading this.
  • 0x44h
  • 0x44h's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 3
  • Thank you received: 1

Please Log in or Create an account to join the conversation.

complete insecure forum/server 10 years 7 months ago #2832

You are so unbelievably full of crap... This serer is encrypting all passwords with salt hash and everything.

If you don't know whT you afe talking about, just don't say anything!!!
The following user(s) said Thank You: 0x44h

Please Log in or Create an account to join the conversation.

complete insecure forum/server 10 years 7 months ago #2833

Are there any reasons for insulting me?

"Hello 0x44h,

Thank you for registering at BTPro - OpenTTD Community. Your account is created and must be activated before you can use it...

After activation you may login to openttd.btpro.nl/ using the following username and password:

Username: 0x44h
Password: unencrypted pw
"
So you save it encrypted? And you don't send it unencrypted over network?
I don't want to offend anyone, I just want do help to improve the security for everyone.
The following user(s) said Thank You: Frank
  • 0x44h
  • 0x44h's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 3
  • Thank you received: 1

Please Log in or Create an account to join the conversation.

Last edit: by 0x44h.

complete insecure forum/server 10 years 7 months ago #2834

First of all... Saying that you are full of crap is nlt insulting you in my oppinion, second of all: why are you here exactly? Playing OpenTTD or trying to prove a point?

This is Joomla, it has proven itself over the years to be a complete safe content management system with multiple security patches and everything. So trust me: it's secure!

Yes, it sends email in plain text over email, but these are user passwords and encrypter in the database.

Before you place something in public the next time, maybe try to talk to the owners first!

Please Log in or Create an account to join the conversation.

complete insecure forum/server 10 years 7 months ago #2835

Sorry I thought it is better to handle everything openly. It is very good that all passwords are encrypted. Joomla isn't the best in security (just a few issues developer.joomla.org/security.html ) but it is sufficient. I just wanted to play Openttd and during the registration i noticed this issue. If you dont't want this topic, why are you not deleting it?
  • 0x44h
  • 0x44h's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 3
  • Thank you received: 1

Please Log in or Create an account to join the conversation.

complete insecure forum/server 10 years 7 months ago #2836

It's not really about "not wanting the topic", I just want to have decent discussion.
In my oppinion your first post was just not "thought well through" because you are just shouting something without knowing the background of our systems.

Trust me, all we want at BTPro is for everything to be safe. We have done ALOT of things to make things as safe as we can have them (not claiming we are 100% safe though), if then someone comes in shouting that this site is "complete insecure" like your title says, I can get a little bit annoyed!

This site is being maintained by volunteers which are doing stuff in their own time. Our goal is for everyone to enjoy it and have fun. These discussions are nice, but be polite and first come in to our IRC channel to discuss it without SHOUTING that everything is not right or insecure ok?

Have fun in the game, that's what it's all about in the end!

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Time to create page: 0.064 seconds
Best hosting deal on hostgator coupon or play poker on party poker
Copyright 2020 complete insecure forum/server - BTPro - OpenTTD Community.