1. EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com> Jun 14, 2005
- 514 views
Hello, Where is the password setting so you can change it to something you might remember? Take care, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
2. Re: EuForum, where is password setting?
- Posted by Bernie Ryan <xotron at bluefrog.com> Jun 14, 2005
- 500 views
Al Getz wrote: > > Hello, > > > Where is the password setting so you can change it to something > you might remember? > Al: There is none you will have reregister. Bernie My files in archive: w32engin.ew mixedlib.e eu_engin.e win32eru.ew Can be downloaded here: http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan
3. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com> Jun 14, 2005
- 546 views
- Last edited Jun 15, 2005
Bernie Ryan wrote: > Al Getz wrote: > > > > Hello, > > > > Where is the password setting so you can change it to something > > you might remember? > > > Al: > > There is none you will have reregister. Or, just pretend you "forgot" it, and a new one will be e-mailed to you. I don't want to know your favorite, memorable password, or that of any other user. I'd rather just assign random 6-character strings, and not be under suspicion when someone cleans out your PayPal account. Regards, Rob Craig Rapid Deployment Software http://www.RapidEuphoria.com
4. Re: EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com> Jun 14, 2005
- 506 views
- Last edited Jun 15, 2005
Bernie Ryan wrote: > > Al Getz wrote: > > > > Hello, > > > > > > Where is the password setting so you can change it to something > > you might remember? > > > Al: > > There is none you will have reregister. > > Bernie > > My files in archive: > w32engin.ew mixedlib.e eu_engin.e win32eru.ew > > Can be downloaded here: > <a > href="http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan">http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan</a> > Oh ok, thanks Bernie. I have to do the 'forgot password' thing now and then he he Take care, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
5. Re: EuForum, where is password setting?
- Posted by Greg Haberek <ghaberek at gmail.com> Jun 14, 2005
- 498 views
- Last edited Jun 15, 2005
> I don't want to know your favorite, memorable password, > or that of any other user. I'd rather just assign > random 6-character strings, and not be under suspicion > when someone cleans out your PayPal account. You could always store the password as an md5 hash, and when a user attempts to log in, hash their submitted password and compare it against the stored hash. md5 hashes aren't perfect, but much safer than storing plain text passwords in a Eu database, and take a very long time to crack. I see this technique used in various PHP apps on the web. ~Greg
6. Re: EuForum, where is password setting?
- Posted by Derek Parnell <ddparnell at bigpond.com> Jun 14, 2005
- 533 views
- Last edited Jun 15, 2005
Robert Craig wrote: > > Bernie Ryan wrote: > > Al Getz wrote: > > > > > > Hello, > > > > > > Where is the password setting so you can change it to something > > > you might remember? > > > > > Al: > > > > There is none you will have reregister. > > Or, just pretend you "forgot" it, and > a new one will be e-mailed to you. > > I don't want to know your favorite, memorable password, > or that of any other user. I'd rather just assign > random 6-character strings, and not be under suspicion > when someone cleans out your PayPal account. You're storing plaintext passwords on your server!?!?!?! Please tell me you haven't done that. That's a fail in Security-101. -- Derek Parnell Melbourne, Australia irc://irc.sorcery.net:9000/euphoria
7. Re: EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com> Jun 14, 2005
- 475 views
- Last edited Jun 15, 2005
Robert Craig wrote: > > Bernie Ryan wrote: > > Al Getz wrote: > > > > > > Hello, > > > > > > Where is the password setting so you can change it to something > > > you might remember? > > > > > Al: > > > > There is none you will have reregister. > > Or, just pretend you "forgot" it, and > a new one will be e-mailed to you. > > I don't want to know your favorite, memorable password, > or that of any other user. I'd rather just assign > random 6-character strings, and not be under suspicion > when someone cleans out your PayPal account. > > Regards, > Rob Craig > Rapid Deployment Software > <a href="http://www.RapidEuphoria.com">http://www.RapidEuphoria.com</a> > Hi Rob, Oh that's clever. It's no problem to do the 'forgot password', but i thought if i set it to something memorable i wouldnt end up doing that from time to time. BTW, i dont have to 'pretend' he he Take care, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
8. Re: EuForum, where is password setting?
- Posted by cklester <cklester at yahoo.com> Jun 14, 2005
- 502 views
- Last edited Jun 15, 2005
Al Getz wrote: > Robert Craig wrote: > > Bernie Ryan wrote: > > > Al Getz wrote: > > > > Hello, > > > > Where is the password setting so you can change it to something > > > > you might remember? > > > There is none you will have reregister. > > Or, just pretend you "forgot" it, and > > a new one will be e-mailed to you. > > I don't want to know your favorite, memorable password, > > or that of any other user. I'd rather just assign > > random 6-character strings, and not be under suspicion > > when someone cleans out your PayPal account. > Oh that's clever. It's no problem to do the 'forgot password'... It is a problem when you post to this list from a variety of PCs. I have a few here at work that I post from as well as one at home. When I "forget" a password, it's a pain in the butt to restore it to each one. Not a big deal because it happens very infrequently... but still. :) -=ck "Programming in a state of EUPHORIA." http://www.cklester.com/euphoria/
9. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com> Jun 14, 2005
- 507 views
- Last edited Jun 15, 2005
Derek Parnell wrote: > You're storing plaintext passwords on your server!?!?!?! Please tell me you > haven't > done that. That's a fail in Security-101. I encrypt the passwords before storing them in the database, but it would be easy for me to look at any text that you type into any HTML form on our site. Regards, Rob Craig Rapid Deployment Software http://www.RapidEuphoria.com
10. Re: EuForum, where is password setting?
- Posted by Greg Haberek <ghaberek at gmail.com> Jun 14, 2005
- 484 views
- Last edited Jun 15, 2005
> I encrypt the passwords before storing them in the database, > but it would be easy for me to look at any text that you > type into any HTML form on our site. You could implement a Javscript MD5 algorithm to hash the password before it ever leaves the user's broswers. Yahoo! uses this method with their log in, and the javascript is right in the source of their login page. Just view the source of this page to get the javascript source: http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com Then have your form hash the password before sending it via POST. This has got to be more secure than what you're doing now. ~Greg
11. Re: EuForum, where is password setting?
- Posted by Robert Craig <rds at RapidEuphoria.com> Jun 14, 2005
- 509 views
- Last edited Jun 15, 2005
Greg Haberek wrote: > > I encrypt the passwords before storing them in the database, > > but it would be easy for me to look at any text that you > > type into any HTML form on our site. > > You could implement a Javscript MD5 algorithm to hash the password > before it ever leaves the user's broswers. Yahoo! uses this method > with their log in, and the javascript is right in the source of their > login page. > > Just view the source of this page to get the javascript source: > <a > href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a> > > Then have your form hash the password before sending it via POST. This > has got to be more secure than what you're doing now. OK, thanks. That code might become useful if I need a higher level of security in the future. At the moment, the passwords are barely worth it. They just provide some partial protection against someone posting an embarassing message, or user contribution, pretending to be you. If money were involved, I guess I'd have to be more serious about it. Regards, Rob Craig Rapid Deployment Software http://www.RapidEuphoria.com
12. Re: EuForum, where is password setting?
- Posted by Bernie Ryan <xotron at bluefrog.com> Jun 14, 2005
- 508 views
- Last edited Jun 15, 2005
Al Getz wrote: > > Oh ok, thanks Bernie. I have to do the 'forgot password' thing > now and then he he Al: Write a fancy windows program that would translate your favorite password to the password that Rob's program assigned you. Then you could change your password whenever you wanted to and your program would remember Rob's password. Bernie My files in archive: w32engin.ew mixedlib.e eu_engin.e win32eru.ew Can be downloaded here: http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan
13. Re: EuForum, where is password setting?
- Posted by Alexander Toresson <alexander.toresson at gmail.com> Jun 14, 2005
- 488 views
- Last edited Jun 15, 2005
Greg Haberek wrote: > > > I encrypt the passwords before storing them in the database, > > but it would be easy for me to look at any text that you > > type into any HTML form on our site. > > You could implement a Javscript MD5 algorithm to hash the password > before it ever leaves the user's broswers. Yahoo! uses this method > with their log in, and the javascript is right in the source of their > login page. > > Just view the source of this page to get the javascript source: > <a > href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a> > > Then have your form hash the password before sending it via POST. This > has got to be more secure than what you're doing now. > > ~Greg > > Please do *not*. Everyone doesn't have a javascript capable browser; I have, but I prefer using lighter ones. The small javascript on this page is bad enough (opening the window when you wanna post). I'm using a semi-light browser that does a little javascript (like opening windows) on this page. Regards, Alexander Toresson
14. Re: EuForum, where is password setting?
- Posted by Derek Parnell <ddparnell at bigpond.com> Jun 14, 2005
- 497 views
- Last edited Jun 15, 2005
Robert Craig wrote: > > Greg Haberek wrote: > > > I encrypt the passwords before storing them in the database, > > > but it would be easy for me to look at any text that you > > > type into any HTML form on our site. > > > > You could implement a Javscript MD5 algorithm to hash the password > > before it ever leaves the user's broswers. Yahoo! uses this method > > with their log in, and the javascript is right in the source of their > > login page. > > > > Just view the source of this page to get the javascript source: > > <a > > href="http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com">http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com</a> > > > > Then have your form hash the password before sending it via POST. This > > has got to be more secure than what you're doing now. > > OK, thanks. > That code might become useful if I need a higher level of security > in the future. At the moment, the passwords are barely > worth it. They just provide some partial protection against > someone posting an embarassing message, or user contribution, > pretending to be you. If money were involved, I guess I'd > have to be more serious about it. So if "passwords are barely worth it" and there is no money involved, why is that we can't set our own password? Your earlier argument has just been destroyed by your latest argument. It sounds like RDS just can't be bothered doing it for their customers. I know that's no so, of course, but that's how it comes across. -- Derek Parnell Melbourne, Australia irc://irc.sorcery.net:9000/euphoria
15. Re: EuForum, where is password setting?
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jun 14, 2005
- 510 views
- Last edited Jun 15, 2005
On Tue, 14 Jun 2005 13:03:00 -0700, Robert Craig <guest at RapidEuphoria.com> wrote: >I don't want to know your favorite, memorable password, >or that of any other user. I'd rather just assign >random 6-character strings, and not be under suspicion >when someone cleans out your PayPal account. Apparently my paypal account contains $247,000, in spamworld... (I have never ever opened one, BTW) I have a postit note on my wall covered in dust now. It says, amongst others, KQ77PIQ and gf37nht. Obviously those are not what I consider important (and I would be gobsmacked if anyone here could track down where I use them, not to mention gobsmacked if they are still valid; actually wherever it was I used KQ77PIQ is long since forgotten). Rob has a point I cannot deny; myself I would never use (eg) my bank password to login to *ANY* other site, but I guess some people do. Of course if you use the MUCH better idea of an email interface, like I do, this problem virtually dissappears; apart from re-uploading stuff, & even then once a fortnight or less is not exactly hardship. Regards, Pete PS OH DAMN. You now all know that I like xxNNxxx style passwords. Given that there are only 38,020,403,200 of them, no doubt someone will manage that in around 90 seconds ;-((
16. Re: EuForum, where is password setting?
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jun 15, 2005
- 492 views
On Tue, 14 Jun 2005 14:21:01 -0700, Al Getz <guest at RapidEuphoria.com> wrote: >Robert Craig wrote: >> Or, just pretend you "forgot" it, and >> a new one will be e-mailed to you. >Oh that's clever. It's no problem to do the 'forgot password', Exactly. "Aged" email addresses are about the best mere mortals can hope for, bar PGP. For an (off-topic) example, if "zzqz at old.col.uk" mailed me, telling me they were about to become zzqz at new.co.uk, and I sent back a simple code to zzqz at old.col.uk which I expected back from zzqz at new.co.uk, well, I think difficult to better, and certainly plenty good enough for our (Eu community) purposes. (Absolutely no need for Rob to go that far; I was illustrating "trust") Regards, Pete PS Obviously, if you do the "forgot password", the machine replies, not Rob...
17. Re: EuForum, where is password setting?
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jun 15, 2005
- 500 views
On Tue, 14 Jun 2005 15:37:20 -0700, Robert Craig <guest at RapidEuphoria.com> wrote: >At the moment, the passwords are barely worth it. >They just provide some partial protection against >someone posting an embarassing message, or user contribution, >pretending to be you. If money were involved, I guess I'd >have to be more serious about it. I totally agree. I fail to see why anyone would waste time trying to wipe my, or anyone else's, RDS contributions given that they would likely be restored within hours of the first complaint. Pete
18. Re: EuForum, where is password setting?
- Posted by Al Getz <Xaxo at aol.com> Jun 15, 2005
- 493 views
Bernie Ryan wrote: > > Al Getz wrote: > > > > Oh ok, thanks Bernie. I have to do the 'forgot password' thing > > now and then he he > > Al: > Write a fancy windows program that would translate > your favorite password to the password that Rob's > program assigned you. Then you could change your > password whenever you wanted to and your program > would remember Rob's password. > Bernie > > My files in archive: > w32engin.ew mixedlib.e eu_engin.e win32eru.ew > > Can be downloaded here: > <a > href="http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan">http://www.rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=bernie+ryan</a> > He he he he he... Now that's funny Take care, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
19. Re: EuForum, where is password setting?
- Posted by Mario Steele <eumario at trilake.net> Jun 15, 2005
- 524 views
Pete Lomax wrote: > > On Tue, 14 Jun 2005 13:03:00 -0700, Robert Craig > <guest at RapidEuphoria.com> wrote: > > >I don't want to know your favorite, memorable password, > >or that of any other user. I'd rather just assign > >random 6-character strings, and not be under suspicion > >when someone cleans out your PayPal account. > Apparently my paypal account contains $247,000, in spamworld... > (I have never ever opened one, BTW) > > I have a postit note on my wall covered in dust now. It says, amongst > others, KQ77PIQ and gf37nht. Obviously those are not what I consider > important (and I would be gobsmacked if anyone here could track down > where I use them, not to mention gobsmacked if they are still valid; > actually wherever it was I used KQ77PIQ is long since forgotten). > > Rob has a point I cannot deny; myself I would never use (eg) my bank > password to login to *ANY* other site, but I guess some people do. > > Of course if you use the MUCH better idea of an email interface, like > I do, this problem virtually dissappears; apart from re-uploading > stuff, & even then once a fortnight or less is not exactly hardship. > > Regards, > Pete > PS OH DAMN. You now all know that I like xxNNxxx style passwords. > Given that there are only 38,020,403,200 of them, no doubt someone > will manage that in around 90 seconds ;-(( I will most likely include 2 methods in which to post messages to the EuForum in my EuForum Viewer. The default way will be through the Authentication Mode of the Web Interface, and the other will be optional, which is to send email to the Topica list. However, The second method would be more to program in, since i have to take into account the SMTP Protocol, and involves setting up such settings, and requires the user to know their Mail Server to send through. And surprisingly enough, not many know their mail server. So simplicity is a must. And I am making progress, I've got the thing setup to download messages (Not check for new messages yet), it /CORRECTLY/ decodes headers (Might want to look at my method of decoding the headers for the Web Interface Rob), and currently supports the apostraphy Unicode for display. Both of these was found in message #47 and #48. I don't have it setup to where it'll mark new messages, and old messages yet, I'll most likely have to set it up through a EDS Database, and Syntax Highlighting isn't setup (Since I need Matt to wrap the wxHTML Control). I will be working on the system more when I can get time. Currently, time is a thing that isn't a luxury. More details as they become available! Stay tune to this station! Mario Steele http://enchantedblade.trilake.net Attaining World Dominiation, one byte at a time...