1. EuForum, where is password setting?
Hello,
Where is the password setting so you can change it to something
you might remember?
Take care,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
2. Re: EuForum, where is password setting?
Al Getz wrote:
>
> Hello,
>
>
> Where is the password setting so you can change it to something
> you might remember?
>
Al:
There is none you will have reregister.
Bernie
My files in archive:
w32engin.ew mixedlib.e eu_engin.e win32eru.ew
Can be downloaded here:
http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan
3. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Bernie Ryan wrote:
> Al Getz wrote:
> >
> > Hello,
> >
> > Where is the password setting so you can change it to something
> > you might remember?
> >
> Al:
>
> There is none you will have reregister.
Or, just pretend you "forgot" it, and
a new one will be e-mailed to you.
I don't want to know your favorite, memorable password,
or that of any other user. I'd rather just assign
random 6-character strings, and not be under suspicion
when someone cleans out your PayPal account. 
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
4. Re: EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Bernie Ryan wrote:
>
> Al Getz wrote:
> >
> > Hello,
> >
> >
> > Where is the password setting so you can change it to something
> > you might remember?
> >
> Al:
>
> There is none you will have reregister.
>
> Bernie
>
> My files in archive:
> w32engin.ew mixedlib.e eu_engin.e win32eru.ew
>
> Can be downloaded here:
> <a
> href="http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan">http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan</a>
>
Oh ok, thanks Bernie. I have to do the 'forgot password' thing
now and then he he
Take care,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
5. Re: EuForum, where is password setting?
- Posted by Greg Haberek <ghaberek at gmail.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
> I don't want to know your favorite, memorable password,
> or that of any other user. I'd rather just assign
> random 6-character strings, and not be under suspicion
> when someone cleans out your PayPal account.
You could always store the password as an md5 hash, and when a user
attempts to log in, hash their submitted password and compare it
against the stored hash. md5 hashes aren't perfect, but much safer
than storing plain text passwords in a Eu database, and take a very
long time to crack. I see this technique used in various PHP apps on
the web.
~Greg
6. Re: EuForum, where is password setting?
- Posted by Derek Parnell <ddparnell at bigpond.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Robert Craig wrote:
>
> Bernie Ryan wrote:
> > Al Getz wrote:
> > >
> > > Hello,
> > >
> > > Where is the password setting so you can change it to something
> > > you might remember?
> > >
> > Al:
> >
> > There is none you will have reregister.
>
> Or, just pretend you "forgot" it, and
> a new one will be e-mailed to you.
>
> I don't want to know your favorite, memorable password,
> or that of any other user. I'd rather just assign
> random 6-character strings, and not be under suspicion
> when someone cleans out your PayPal account.
You're storing plaintext passwords on your server!?!?!?! Please tell me you
haven't done that. That's a fail in Security-101.
--
Derek Parnell
Melbourne, Australia
irc://irc.sorcery.net:9000/euphoria
7. Re: EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Robert Craig wrote:
>
> Bernie Ryan wrote:
> > Al Getz wrote:
> > >
> > > Hello,
> > >
> > > Where is the password setting so you can change it to something
> > > you might remember?
> > >
> > Al:
> >
> > There is none you will have reregister.
>
> Or, just pretend you "forgot" it, and
> a new one will be e-mailed to you.
>
> I don't want to know your favorite, memorable password,
> or that of any other user. I'd rather just assign
> random 6-character strings, and not be under suspicion
> when someone cleans out your PayPal account.
>
> Regards,
> Rob Craig
> Rapid Deployment Software
> <a href="http://www.RapidEuphoria.com">http://www.RapidEuphoria.com</a>
>
Hi Rob,
Oh that's clever. It's no problem to do the 'forgot password', but
i thought if i set it to something memorable i wouldnt end up doing
that from time to time. BTW, i dont have to 'pretend' he he
Take care,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
8. Re: EuForum, where is password setting?
- Posted by cklester <cklester at yahoo.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Al Getz wrote:
> Robert Craig wrote:
> > Bernie Ryan wrote:
> > > Al Getz wrote:
> > > > Hello,
> > > > Where is the password setting so you can change it to something
> > > > you might remember?
> > > There is none you will have reregister.
> > Or, just pretend you "forgot" it, and
> > a new one will be e-mailed to you.
> > I don't want to know your favorite, memorable password,
> > or that of any other user. I'd rather just assign
> > random 6-character strings, and not be under suspicion
> > when someone cleans out your PayPal account.
> Oh that's clever. It's no problem to do the 'forgot password'...
It is a problem when you post to this list from a variety of PCs. I have
a few here at work that I post from as well as one at home. When I "forget"
a password, it's a pain in the butt to restore it to each one. Not a big
deal because it happens very infrequently... but still. :)
-=ck
"Programming in a state of EUPHORIA."
http://www.cklester.com/euphoria/
9. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Derek Parnell wrote:
> You're storing plaintext passwords on your server!?!?!?! Please tell me you
> haven't
> done that. That's a fail in Security-101.
I encrypt the passwords before storing them in the database,
but it would be easy for me to look at any text that you
type into any HTML form on our site.
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
10. Re: EuForum, where is password setting?
- Posted by Greg Haberek <ghaberek at gmail.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
> I encrypt the passwords before storing them in the database,
> but it would be easy for me to look at any text that you
> type into any HTML form on our site.
You could implement a Javscript MD5 algorithm to hash the password
before it ever leaves the user's broswers. Yahoo! uses this method
with their log in, and the javascript is right in the source of their
login page.
Just view the source of this page to get the javascript source:
http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com
Then have your form hash the password before sending it via POST. This
has got to be more secure than what you're doing now.
~Greg
11. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Greg Haberek wrote:
> > I encrypt the passwords before storing them in the database,
> > but it would be easy for me to look at any text that you
> > type into any HTML form on our site.
>
> You could implement a Javscript MD5 algorithm to hash the password
> before it ever leaves the user's broswers. Yahoo! uses this method
> with their log in, and the javascript is right in the source of their
> login page.
>
> Just view the source of this page to get the javascript source:
> <a
> href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a>
>
> Then have your form hash the password before sending it via POST. This
> has got to be more secure than what you're doing now.
OK, thanks.
That code might become useful if I need a higher level of security
in the future. At the moment, the passwords are barely
worth it. They just provide some partial protection against
someone posting an embarassing message, or user contribution,
pretending to be you. If money were involved, I guess I'd
have to be more serious about it.
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
12. Re: EuForum, where is password setting?
- Posted by Bernie Ryan <xotron at bluefrog.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Al Getz wrote:
>
> Oh ok, thanks Bernie. I have to do the 'forgot password' thing
> now and then he he
Al:
Write a fancy windows program that would translate
your favorite password to the password that Rob's
program assigned you. Then you could change your
password whenever you wanted to and your program
would remember Rob's password.
Bernie
My files in archive:
w32engin.ew mixedlib.e eu_engin.e win32eru.ew
Can be downloaded here:
http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan
13. Re: EuForum, where is password setting?
Greg Haberek wrote:
>
> > I encrypt the passwords before storing them in the database,
> > but it would be easy for me to look at any text that you
> > type into any HTML form on our site.
>
> You could implement a Javscript MD5 algorithm to hash the password
> before it ever leaves the user's broswers. Yahoo! uses this method
> with their log in, and the javascript is right in the source of their
> login page.
>
> Just view the source of this page to get the javascript source:
> <a
> href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a>
>
> Then have your form hash the password before sending it via POST. This
> has got to be more secure than what you're doing now.
>
> ~Greg
>
>
Please do *not*.
Everyone doesn't have a javascript capable browser; I have, but I prefer using
lighter ones. The small javascript on this page is bad enough (opening the window
when you wanna post). I'm using a semi-light browser that does a little
javascript (like opening windows) on this page.
Regards, Alexander Toresson
14. Re: EuForum, where is password setting?
- Posted by Derek Parnell <ddparnell at bigpond.com>
Jun 14, 2005
-
Last edited Jun 15, 2005
Robert Craig wrote:
>
> Greg Haberek wrote:
> > > I encrypt the passwords before storing them in the database,
> > > but it would be easy for me to look at any text that you
> > > type into any HTML form on our site.
> >
> > You could implement a Javscript MD5 algorithm to hash the password
> > before it ever leaves the user's broswers. Yahoo! uses this method
> > with their log in, and the javascript is right in the source of their
> > login page.
> >
> > Just view the source of this page to get the javascript source:
> > <a
> > href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a>
> >
> > Then have your form hash the password before sending it via POST. This
> > has got to be more secure than what you're doing now.
>
> OK, thanks.
> That code might become useful if I need a higher level of security
> in the future. At the moment, the passwords are barely
> worth it. They just provide some partial protection against
> someone posting an embarassing message, or user contribution,
> pretending to be you. If money were involved, I guess I'd
> have to be more serious about it.
So if "passwords are barely worth it" and there is no money involved, why is
that we can't set our own password? Your earlier argument has just been destroyed
by your latest argument. It sounds like RDS just can't be bothered doing it for
their customers. I know that's no so, of course, but that's how it comes across.
--
Derek Parnell
Melbourne, Australia
irc://irc.sorcery.net:9000/euphoria
15. Re: EuForum, where is password setting?
- Posted by Pete Lomax <petelomax at blueyonder.co.uk>
Jun 14, 2005
-
Last edited Jun 15, 2005
On Tue, 14 Jun 2005 13:03:00 -0700, Robert Craig
<guest at RapidEuphoria.com> wrote:
>I don't want to know your favorite, memorable password,
>or that of any other user. I'd rather just assign
>random 6-character strings, and not be under suspicion
>when someone cleans out your PayPal account.
Apparently my paypal account contains $247,000, in spamworld...
(I have never ever opened one, BTW)
I have a postit note on my wall covered in dust now. It says, amongst
others, KQ77PIQ and gf37nht. Obviously those are not what I consider
important (and I would be gobsmacked if anyone here could track down
where I use them, not to mention gobsmacked if they are still valid;
actually wherever it was I used KQ77PIQ is long since forgotten).
Rob has a point I cannot deny; myself I would never use (eg) my bank
password to login to *ANY* other site, but I guess some people do.
Of course if you use the MUCH better idea of an email interface, like
I do, this problem virtually dissappears; apart from re-uploading
stuff, & even then once a fortnight or less is not exactly hardship.
Regards,
Pete
PS OH DAMN. You now all know that I like xxNNxxx style passwords.
Given that there are only 38,020,403,200 of them, no doubt someone
will manage that in around 90 seconds ;-((
16. Re: EuForum, where is password setting?
On Tue, 14 Jun 2005 14:21:01 -0700, Al Getz <guest at RapidEuphoria.com>
wrote:
>Robert Craig wrote:
>> Or, just pretend you "forgot" it, and
>> a new one will be e-mailed to you.
>Oh that's clever. It's no problem to do the 'forgot password',
Exactly. "Aged" email addresses are about the best mere mortals can
hope for, bar PGP.
For an (off-topic) example, if "zzqz at old.col.uk" mailed me, telling me
they were about to become zzqz at new.co.uk, and I sent back a simple
code to zzqz at old.col.uk which I expected back from zzqz at new.co.uk,
well, I think difficult to better, and certainly plenty good enough
for our (Eu community) purposes. (Absolutely no need for Rob to go
that far; I was illustrating "trust")
Regards,
Pete
PS Obviously, if you do the "forgot password", the machine replies,
not Rob...
17. Re: EuForum, where is password setting?
On Tue, 14 Jun 2005 15:37:20 -0700, Robert Craig
<guest at RapidEuphoria.com> wrote:
>At the moment, the passwords are barely worth it.
>They just provide some partial protection against
>someone posting an embarassing message, or user contribution,
>pretending to be you. If money were involved, I guess I'd
>have to be more serious about it.
I totally agree. I fail to see why anyone would waste time trying to
wipe my, or anyone else's, RDS contributions given that they would
likely be restored within hours of the first complaint.
Pete
18. Re: EuForum, where is password setting?
Bernie Ryan wrote:
>
> Al Getz wrote:
> >
> > Oh ok, thanks Bernie. I have to do the 'forgot password' thing
> > now and then he he
>
> Al:
> Write a fancy windows program that would translate
> your favorite password to the password that Rob's
> program assigned you. Then you could change your
> password whenever you wanted to and your program
> would remember Rob's password.
> Bernie
>
> My files in archive:
> w32engin.ew mixedlib.e eu_engin.e win32eru.ew
>
> Can be downloaded here:
> <a
> href="http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan">http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan</a>
>
He he he he he... Now that's funny
Take care,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
19. Re: EuForum, where is password setting?
Pete Lomax wrote:
>
> On Tue, 14 Jun 2005 13:03:00 -0700, Robert Craig
> <guest at RapidEuphoria.com> wrote:
>
> >I don't want to know your favorite, memorable password,
> >or that of any other user. I'd rather just assign
> >random 6-character strings, and not be under suspicion
> >when someone cleans out your PayPal account.
> Apparently my paypal account contains $247,000, in spamworld...
> (I have never ever opened one, BTW)
>
> I have a postit note on my wall covered in dust now. It says, amongst
> others, KQ77PIQ and gf37nht. Obviously those are not what I consider
> important (and I would be gobsmacked if anyone here could track down
> where I use them, not to mention gobsmacked if they are still valid;
> actually wherever it was I used KQ77PIQ is long since forgotten).
>
> Rob has a point I cannot deny; myself I would never use (eg) my bank
> password to login to *ANY* other site, but I guess some people do.
>
> Of course if you use the MUCH better idea of an email interface, like
> I do, this problem virtually dissappears; apart from re-uploading
> stuff, & even then once a fortnight or less is not exactly hardship.
>
> Regards,
> Pete
> PS OH DAMN. You now all know that I like xxNNxxx style passwords.
> Given that there are only 38,020,403,200 of them, no doubt someone
> will manage that in around 90 seconds ;-((
I will most likely include 2 methods in which to post messages to the EuForum in
my EuForum Viewer. The default way will be through the Authentication Mode of
the Web Interface, and the other will be optional, which is to send email to the
Topica list. However, The second method would be more to program in, since i
have to take into account the SMTP Protocol, and involves setting up such
settings, and requires the user to know their Mail Server to send through. And
surprisingly enough, not many know their mail server. So simplicity is a must.
And I am making progress, I've got the thing setup to download messages (Not
check for new messages yet), it /CORRECTLY/ decodes headers (Might want to look
at my method of decoding the headers for the Web Interface Rob), and currently
supports the apostraphy Unicode for display. Both of these was found in message
#47 and #48.
I don't have it setup to where it'll mark new messages, and old messages yet,
I'll most likely have to set it up through a EDS Database, and Syntax
Highlighting isn't setup (Since I need Matt to wrap the wxHTML Control). I will
be working on the system more when I can get time. Currently, time is a thing
that isn't a luxury.
More details as they become available! Stay tune to this station!
Mario Steele
http://enchantedblade.trilake.net
Attaining World Dominiation, one byte at a time...
