Option to reset all members' passwords


RPG-support

We definitely need the option to reset all members' passwords from the ACP. This may be useful in case the community was compromised due to the next security bug. Each password should be changed to an arbitrary one, and the user will receive a notification via email to log in via a special link where he will be offered to enter the new password. This option should be available to user id 1 only. It may also be protected on the file level. For example, if a special file is absent in the site folder, then this option will not work.


There's almost nothing someone could threaten me with that would compel me to use such a feature. There is no faster way to kill traffic. Many members are too lazy, and if they have to make a new password will just say hell with it and never visit the respective site again. This should be a plugin in market place if anything, in my humble opinion.


6 minutes ago, superj707 said:

There's almost nothing someone could threaten me with that would compel me to use such a feature.

A database leak or a site backdoor shell will not cause you to use this feature because it will kill traffic. You are not afraid if your site is compromised and users' details are freely accessible on the Internet.


1 minute ago, shop.a108.net said:

Database leak or site back door shell will not cause you to use this feature because this will kill traffic. You are not afraid if your site is compromised and users' details are on free access on the Internet.

No, not really. In 15+ years it hasn't happened yet. I don't think I would be preemptively taking this precaution.


3 minutes ago, superj707 said:

I am not trying to knock your idea. It's a fine idea. I am merely presenting the possibility of it being a mod instead of core.

Why are we so trusting of mods? Some mods are thrown together so quickly that they either don't work upon release or break shortly after with an IPS update. I feel that password stuff should be a core function.


4 minutes ago, MADMAN32395 said:

Why are we so trusting on mods? Some mods are thrown together so quickly that they either don't work upon release or break shortly with an IPS update. I feel that password stuff should be core function.

Totally fair opinion.

However, in my opinion it's something I would almost never use. Unless I was certain someone hacked in and stole passwords. (*which are hashed anyway*)

I am glad that IPB employs a strict philosophy of only adding stuff that most people will need/want and use. The software is still fairly lean. Can you imagine if they accepted everyone's requests into core? That's why we have mods, so that ad hoc requests can be managed through customization.


4 minutes ago, shop.a108.net said:

Hashing will not help if there is SQL injection on the site. Passwords will be collected on the fly while the members are logging in.

SQL injection wouldn't permit that (well, it shouldn't, though in IPS3.4 there is an escalation of privileges issue that can allow an sql injection vulnerability to turn into an arbitrary code execution issue), but there are some attacks that can allow that to happen. Unfortunately, I have been on the receiving end of one of them.

I do agree that they should add it as a feature, allowing the admin to reset all members' passwords and email all members to tell them what happened, then require that they reset their password (or include the password reset URL in the notification email). It hopefully wouldn't need to be used, but it would mean that, if the worst did happen, it would at least be easier to sort it out, without having to resort to SQL and hacking some code together to send out the emails (I had to edit the bulk email function to remove the checks for whether they had opted into getting bulk emails).


This just happened at The Admin Zone, they sent a security email to everyone, and if you visit the site logged in you are forwarded to a page to change your password and you can't view the site until you do.

This should be possible with core.

Also IPS removed the ability to send emails to everyone, unfortunately all emails use the opt in/out "mailing list" filter and there is no bypass like there used to be for such a situation. There should be a mod for this as they stated they are not adding it back since they also host IPS sites and the setting is often abused.


6 hours ago, shop.a108.net said:

Did you see the emergency exit in the planes, for example?

I'm not going to die if my forum gets hacked. :) It's a bit of a silly comparison.

I also did not criticise your idea, I simply stated it's one of those things that's never likely to get used. I haven't had a forum hacked once and I've hosted forums for a long time.

What you've asked for can be achieved through the use of a mass mail (e.g. Dear members, reset your passwords, ta!) and an SQL query.


Just now, Evil Edwina said:

What you've asked for can be achieved through the use of a mass mail (e.g. Dear members, reset your passwords, ta!) and an SQL query.

14 minutes ago, chilihead said:

Also IPS removed the ability to send emails to everyone, unfortunately all emails use the opt in/out "mailing list" filter and there is no bypass like there used to be for such a situation. There should be a mod for this as they stated they are not adding it back since they also host IPS sites and the setting is often abused.

At this time no, it would not reach all members, would need a mod for that.


Just now, chilihead said:

At this time no, it would not reach all members, would need a mod for that.

I know, but I also know how to export emails from a database and use a third party mailer. If the IPS forum was compromised I would use a third party mailer.

Again, I'm not criticising, I'm just showing alternatives and expressing an opinion that it's a feature that's unlikely to get used much, if at all, by most admins.


It's kinda like a fire extinguisher. Nobody cares about it until it's needed, then suddenly it's the best thing ever. I suppose if actually needed I would be super glad to have it. I am still on the better-off-being-a-mod side of the argument though. But I do see the value as noted above.

Although, I do wish I could force override and send emails to all members.


21 minutes ago, chilihead said:

as they stated they are not adding it back since they also host IPS sites and the setting is often abused.

This option may be provided for the self-hosted suites. It is definitely egoistic to think about the company more than about its clients. And this is not a question of the possibility of doing it but rather a question of the desire to do it. It is obviously possible to bring it back.


@chilihead Sounds like they do not want to think about self-hosted clients' needs. Actually this limitation may be easily overridden by an SQL request. But in an emergency situation you will need to make more steps, which will take more time. So this is also a question of ill strategy in the product development, in my humble opinion. Restrictions as a method do not always work.


Literally, this whole debate could be fixed with a check mark in the database, "Force user to reset password", instead of forcing a full reset of the password, because the security is intentionally not going to work that way, and for larger sites this could actually be detrimental because it would be something massive to reset every password hash.

I think the "Force user to reset password" thing is a valid option because I'm pretty sure that's what Sony did when they were hacked a few dozen times.

I don't have anything for or against it, I'm not sure that I would necessarily have a need for it but I wouldn't hate having the option to force a password reset on an account that I thought was hacked.

Error comes up "You must reset your password, click here to send confirmation email". You click it. Check your email, new temp password or password reset link is in your mailbox.

Click it, reset, done.


17 minutes ago, Morrigan said:

"Force user to reset password" instead of forcing a full reset

The idea has the following shortcoming: hackers will have much time to exploit hijacked passwords before all users see the "You must reset your password, click here to send confirmation email". So the admin must be able to reset all passwords at once. Passwords may be collected by the method of an XSS attack or by SQL injection (you are stealing the full database with the passwords' blowfish hashes and salts and then doing brute-force decoding).

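The two designs argued over above, Morrigan's per-account "Force user to reset password" flag and shop.a108.net's point that in an incident every password must be invalidated at the same moment, are not in conflict: the flag is what an emergency "reset all" sets on every row. The following is an added example of that flow and is not IPS code. It assumes an in-memory dict in place of the members table, PBKDF2-HMAC-SHA256 in place of the board's own (blowfish) password hash, a placeholder reset URL, and hypothetical function names; the reset token itself goes only into the emailed link, while the database keeps just its hash, so a second leak of the database does not also leak live reset links.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Assumptions (not IPS code): an in-memory dict stands in for the members table,
# PBKDF2-HMAC-SHA256 stands in for the board's own password hash, and reset
# links point at a placeholder host.
PBKDF2_ROUNDS = 200_000
TOKEN_TTL_SECONDS = 60 * 60                          # reset link valid for one hour
RESET_URL = "https://forum.example.invalid/reset"    # placeholder host


@dataclass
class Member:
    member_id: int
    email: str
    password_hash: Optional[str]          # None means "no usable password"
    must_reset: bool = False              # the "Force user to reset password" flag
    reset_token_hash: Optional[str] = None
    reset_token_expires: float = 0.0
    sessions: Set[str] = field(default_factory=set)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salthex$dkhex' for storage, with a fresh random salt per password."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(dk.hex(), dk_hex)     # constant-time compare


def _token_hash(token: str) -> str:
    # Only the hash of the reset token is stored; the clear token exists in the email alone.
    return hashlib.sha256(token.encode()).hexdigest()


def force_reset_all(members: Dict[int, Member], now: Optional[float] = None) -> Dict[int, str]:
    """Emergency reset for every account at once: drop the password, kill all sessions,
    set the must-reset flag and mint a single-use, expiring token per member.
    Returns {member_id: reset_link} for the mailer, the only copy of each token."""
    now = time.time() if now is None else now
    links: Dict[int, str] = {}
    for m in members.values():
        m.password_hash = None
        m.must_reset = True
        m.sessions.clear()                           # a stolen cookie dies with the password
        token = secrets.token_urlsafe(32)
        m.reset_token_hash = _token_hash(token)
        m.reset_token_expires = now + TOKEN_TTL_SECONDS
        links[m.member_id] = f"{RESET_URL}?member={m.member_id}&token={token}"
    return links


def login(members: Dict[int, Member], member_id: int, password: str) -> Optional[str]:
    """Return a session id, or None if the account is flagged or the password is wrong."""
    m = members.get(member_id)
    if m is None or m.must_reset or m.password_hash is None:
        return None
    if not verify_password(password, m.password_hash):
        return None
    sid = secrets.token_hex(16)
    m.sessions.add(sid)
    return sid


def complete_reset(members: Dict[int, Member], member_id: int, token: str,
                   new_password: str, now: Optional[float] = None) -> bool:
    """Consume the emailed token; wrong, expired or already-used tokens are refused."""
    now = time.time() if now is None else now
    m = members.get(member_id)
    if m is None or m.reset_token_hash is None or now > m.reset_token_expires:
        return False
    if not hmac.compare_digest(_token_hash(token), m.reset_token_hash):
        return False
    m.password_hash = hash_password(new_password)
    m.must_reset = False
    m.reset_token_hash = None                        # single use
    return True
```

Because `force_reset_all` clears every session as well as every hash, the window in which a stolen password or cookie is still usable closes the moment the admin runs it, rather than when each member next happens to log in; the token's one-hour lifetime and single-use check limit what an intercepted email is worth afterwards.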

Suggestion aside, it's good to at least know what to do if this ever should arise, so either it being in core, a mod, or simply a tutorial would be a good thing. Being prepared is key.

Would hate to be scrambling around trying to figure out what to do in this situation.
