PerlMonks

The way cookies are done also needs to be changed.

And that leads to requiring the entering of your existing password in order to be able to change your password.

And that leads to providing a way to get around the above protection which leads to wanting a "security question and answer" and also adding some restrictions and notifications around attempts to change one's e-mail address.

And then there is the whole "sending password in plain-text" being required to login, so we need to make login require (or at least support and probably strongly encourage) https.

And that leads to replacing the "login nodelet".

And nobody who actually currently does any significant work on maintaining this site was around when whoever made that first decision to not bother to hash passwords (as far as I know).

And tons of people have gotten their password e-mailed to them and not raised a tantrum like several people have recently so "plain-text passwords" hasn't been much of a hot topic over all these years.

And then there is that just using Perl's crypt (as suggested) would have meant that most (or certainly a large fraction) of the passwords I've seen would have been easily found anyway with standard dictionary attacks.

And even if I'd chosen a password that I was confident wouldn't be found in a 'crack' dictionary, I'd still go change any places where I'd re-used it once the hacking of the site was reported (I'd just be less panicked while doing so).

(But, yes, hashing passwords is an obvious best practice and something we regret not implementing sooner.)

- tye
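The last two points of the post (a plain crypt of a dictionary word is found immediately; hashing with a proper work factor is the obvious practice) in working code. This is an added example, not tye's code and not PerlMonks' own implementation: it uses Python's standard-library PBKDF2 in place of Perl's crypt, a constructed five-word deny-list stands in for a real 'crack' wordlist, and the storage format, the `ITERATIONS` constant and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a 'crack' dictionary (assumption: a real deployment
# would load a large wordlist rather than this handful of entries).
COMMON_PASSWORDS = {"password", "letmein", "perlmonks", "123456", "qwerty"}

# Work factor for PBKDF2-HMAC-SHA256 (assumed value; raise it as hardware gets faster).
ITERATIONS = 200_000


def password_is_acceptable(password: str) -> bool:
    """Reject passwords that a standard dictionary attack would find at once.

    A slow hash only buys time per guess; it does not help when the password
    is one of the first few guesses, so the deny-list check is applied first.
    """
    return len(password) >= 8 and password.lower() not in COMMON_PASSWORDS


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iters>$<salt hex>$<hash hex>'.

    A fresh 16-byte random salt is drawn per call unless one is supplied, so two
    users with the same password get unrelated records and a precomputed table
    of hashed dictionary words cannot be reused across accounts.
    """
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and iteration count and compare."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: never treat it as a match
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(digest.hex(), parts[3])


if __name__ == "__main__":
    pw = "correct horse battery"
    record = hash_password(pw)
    print(record)
    print("accepted:", password_is_acceptable(pw), "verified:", verify_password(pw, record))
```

Because the salt and iteration count travel with each record, the work factor can be raised later and old records re-hashed at the user's next successful login; a leaked table of these records gives an attacker one slow computation per guess per account, instead of one dictionary pass over everyone.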


In reply to Re^5: Status of Recent User Information Leak (minutes) by tye
in thread Status of Recent User Information Leak by Co-Rion
