marcele Posted January 21, 2005 Posted January 21, 2005 Security: 1. Right now all logins are done clear text. Should use javascript md5 hash / seed solution or at least have the option of setting up ssl based logins. (You wouldn't want to be logging in as root via telnet .. why do we allow this with IPB?). 2. Get rid of the "forgot password" feature for admin group accounts. That's like having a "reset root server password" via email ... just not a good idea.. Upload Management: File uploads should NOT be stored all in one directory. Also all the uploads should use the same upload system that the IPB gallery does where you can set a number of files per directory / and if it goes over that number it will create a new directory. This would prevent file system slowdown on boards with a lot of attachements. Refactor / Reuse: It would be nice to see some of the page classes refactored using more OO techniques / class re-use (get rid of duplicated code). Also not high priority but would be nice: MySQLi driver (prepared statements , bound paramaters .. yummy :thumbsup: )
Logan Posted January 21, 2005 Posted January 21, 2005 I'm sorry but I don't agree with any of your suggestions except for the upload management. (Not counting the refactor / reuse as I don't really know)
outlaw Posted January 21, 2005 Posted January 21, 2005 I'm sorry but I don't agree with any of your suggestions except for the upload management. (Not counting the refactor / reuse as I don't really know)<{POST_SNAPBACK}> Going to agree with you. Refactor and reuse just means edit the code and not use same bits of code twice in different files.
marcele Posted January 21, 2005 Posted January 21, 2005 I'm sorry but I don't agree with any of your suggestions except for the upload management. (Not counting the refactor / reuse as I don't really know)<{POST_SNAPBACK}> Hey , That's ok .. you can disagree with me !! I've already implimented most of these changes to my development board already .. I just thought that the security stuff would be nice since with the 2.1 roadmap IPS said that they were going to focus more on improving security (the javascript stuff has already been implemented with vbulletin). I've talked with Matt about it and he has stated that he doesn't want the board to be dependent on javascript (which I can understand) .. So why not ssl then? My only beef is that there is currently no secure way to login using your admin account. And I still feel that being able to change your admin password via "lost password" is a big no - no. Version 2 of IPB is becoming more and more stable and more and more corporate clients are starting take notice . Security is something that corporate clients take very seriously.
outlaw Posted January 21, 2005 Posted January 21, 2005 The idea that doing the encryption into MD5 then sending it over doesn't solve anything and just requires the usage of Javascript for a little gain. To make it easier you'd end up wanting to implement a system so it still works if they don't have Javascript enabled, which defeats the purpose of this. So in the end, you aren't really talking a security gain and just more of a hassle.
marcele Posted January 21, 2005 Posted January 21, 2005 The idea that doing the encryption into MD5 then sending it over doesn't solve anything and just requires the usage of Javascript for a little gain. To make it easier you'd end up wanting to implement a system so it still works if they don't have Javascript enabled, which defeats the purpose of this. So in the end, you aren't really talking a security gain and just more of a hassle.<{POST_SNAPBACK}> That's why I said ssl also ? Why not ssl?
Arts&Faith Posted January 22, 2005 Posted January 22, 2005 I agree with most of the suggestions, especially the admin password thing. Implementing SSL for logins might mean removing the 'quick login' feature on the home page.
Logan Posted January 22, 2005 Posted January 22, 2005 Marcele, there would be no point in removing the forgot password feature altogether. Sure if you want to edit your skin so it doesn't show. But it's a basic required feature in all web based applications and it doesn't fall under security. So what, an annoying kiddie might click forgot password a couple times on someone but it's not a security risk, they don't get your password the owner of the account just gets an email. The idea that doing the encryption into MD5 then sending it over doesn't solve anything and just requires the usage of Javascript for a little gain. To make it easier you'd end up wanting to implement a system so it still works if they don't have Javascript enabled, which defeats the purpose of this. [b]So in the end, you aren't really talking a security gain and just more of a hassle.[/b] Exactly.
marcele Posted January 22, 2005 Posted January 22, 2005 Marcele, there would be no point in removing the forgot password feature altogether. Sure if you want to edit your skin so it doesn't show. But it's a basic required feature in all web based applications and it doesn't fall under security. <{POST_SNAPBACK}> Who said anything about removing the lost password feature altogether? Leave it in exactly the way it is for normal user groups ... just don't allow it to reset root admin accounts.
Logan Posted January 22, 2005 Posted January 22, 2005 It doesn't reset until you confirm the reset in the email. If you don't want the password reset delete the email. Yes it needs to work for ROOT admins as well. It's not a security risk, because once you hit forgot password it doesn't automatically reset the password which I think you think. Just a safe little email for instructions to reset your password, and if you didn't request the password reset you delete the email and your password is not reset.
Arts&Faith Posted January 23, 2005 Posted January 23, 2005 No, e-mail is not secure. It depends on the board. For my board it's not a bit deal, but of other people have access to the data then one's board could be at risk. Come to that, though, I would rather see IPB support certificates for admin authentication.
Reeka Jean Posted January 23, 2005 Posted January 23, 2005 Ick... it would have to be a turn on/turn off feature then.... Because I forget my password all the bloody time. lol. I tend to use different ones, depending on my mood - then I forget what my password is. >.< I've even done that with the FTP for my domain before... So PLEASE don't take the feature off the admin thing, unless it's something you can toggle on and off... Because I would be in big trouble someday forgetting what my password was. lol. I agree with the uploads thing though.
chica05 Posted January 25, 2005 Posted January 25, 2005 " Get rid of the "forgot password" feature for admin group accounts. That's like having a "reset root server password" via email ... just not a good idea." How can I do this on the admin c.p and if I do this does this mean when i select forgot password anytime for my admin that it will send me my old password rather than a reset? Thanks in advance.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.