What are the chances?
Moderator: Moderators
- Cristiona
- Posts: 5118
- Joined: Sun Apr 08, 2007 1:01 am
- Location: the Conservatory with the lead pipe
- Contact:
Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?
Or should I stop prying on this sort of thing
Or should I stop prying on this sort of thing
The churches are empty / The priest has gone home / And we are left standing / Together alone
--October Project: "Dark Time"
--October Project: "Dark Time"
Conscience.
I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?
Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.
I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?
Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.
As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.Cristiona wrote:Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?
- Cristiona
- Posts: 5118
- Joined: Sun Apr 08, 2007 1:01 am
- Location: the Conservatory with the lead pipe
- Contact:
That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).
Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
The churches are empty / The priest has gone home / And we are left standing / Together alone
--October Project: "Dark Time"
--October Project: "Dark Time"
Yeah, I know. I've been mostly neglecting administrative stuff like that. I'm sure about two weeks of beta will make me clean it up, what with all the rapscallionish newbies.Cristiona wrote: Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
Who is online
Users browsing this forum: No registered users and 2 guests