
Database encryption


Guest TCWT


  • Management

There is no database encryption. If you mean passwords specifically, then they are saved as an md5 hash of the plain text password which itself is hashed with a random 5 character salt.

Link to comment
Share on other sites

What's the benefit? If you can read the database, you can read the database. One column in one IPB table that contains encrypted versions of passwords is not going to stop the hackers.

Hackers need to find server login details, and/or the database username and password, to dump the database contents. All the encryption of the passwords in the database does is stop the hackers from knowing every member's password AFTER they have hacked into the database.

Alternatively, hackers need to find out the root admin's password, log in to AdminCP, then use SQL Toolbox to dump the data.

If you read that link, the hackers got into the database 'around the back' in the ways I describe, rather than 'from the front' [the vb user interface].

Link to comment
Share on other sites

I never said this was going to stop hackers from any attempts. I'm aware they hacked their backup servers containing the database. But, there are other ways of obtaining a database besides logging in with the Admin password to dump them or from ssh.

Link to comment
Share on other sites

I didn't say it would stop any attempts either. I think what I was trying to say was that making the IPB passwords even stronger in the database wasn't really going to make it any more difficult to hack in, because the way they are most likely to hack into the actual database is not through the board/AdminCP by guessing a member's password.

Previously I have requested that IPB implement password policies in the code to force regular changes, minimum and maximum lengths, exclude passwords that are in a 'dictionary' that IPB can use, no password equal to user name, no password able to be reused for X amount of changes.

My request had the most negative response I think I've seen on these boards. :)

Link to comment
Share on other sites
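The policy rules requested in the post above (forced regular changes, minimum and maximum lengths, a dictionary exclusion list, no password equal to the user name, no reuse for X changes), written out as an added example that is not part of the thread and is not IPB code. The limits, the sample dictionary and every name are assumptions, and PBKDF2 is swapped in for the salted md5 storage described earlier in the thread.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# All limits below are assumed values for illustration, not IPB settings.
MIN_LEN, MAX_LEN = 10, 128
HISTORY_DEPTH = 5                      # the "X" changes during which reuse is refused
MAX_AGE = timedelta(days=90)           # forced-change interval
DICTIONARY = {"password123", "letmein2024", "qwertyuiop"}  # constructed sample list
ITERATIONS = 100_000

def hash_password(password, salt=None):
    """Return (salt, digest); PBKDF2-HMAC-SHA256 with a fresh 16-byte salt by default."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

@dataclass
class Account:
    username: str
    history: list = field(default_factory=list)   # (salt, digest) pairs, newest last
    changed_at: datetime = None

def policy_violations(account, candidate):
    """Return the names of every rule the candidate password breaks."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("length")
    if candidate.lower() == account.username.lower():
        problems.append("equals-username")
    if candidate.lower() in DICTIONARY:
        problems.append("dictionary")
    # Only salted hashes are stored, so reuse is detected by re-hashing the
    # candidate under each old salt and comparing in constant time.
    for salt, digest in account.history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("reused")
            break
    return problems

def change_password(account, candidate, now):
    """Apply the change only if the policy passes; return the violations found."""
    problems = policy_violations(account, candidate)
    if not problems:
        account.history = (account.history + [hash_password(candidate)])[-HISTORY_DEPTH:]
        account.changed_at = now
    return problems

def must_change(account, now):
    """True when no password was ever set or the current one is older than MAX_AGE."""
    return account.changed_at is None or now - account.changed_at > MAX_AGE
```

Because the reuse check re-hashes the candidate once per stored entry, its cost grows with `HISTORY_DEPTH`.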

Archived

This topic is now archived and is closed to further replies.
