Jump to content

Community

DevNTG

+Clients
  • Content Count

    80
  • Joined

  • Last visited

About DevNTG

  • Rank
    Member

Recent Profile Visitors

1,342 profile views
  1. Then send grunts to do it, both 2 and 3. That's what I've been doing, I guess this will do, thanks!
  2. There are no tags in the forums I want that have 0 in the prefix column Thoughts? I recached several times, and ran your "db fix" already.
  3. Any progress on this? My forum heavily depended on this app.
  4. Is it possible to add mass replace tags with prefixes? I bought it, but some prefixes weren't restored (I upgraded to IPB4), so I was just wondering before I spawn a couple grunts to go out and do it manually one by one (though that's over 10k topics ). There isn't anything in common with each post inside, nor the title, just the tag.
  5. Could you? I relied on another one when for 3.4, but nothing like it (that has ajax refresh) is in the marketplace now. Willing to pay the benjis for it.
  6. ​Now, you're just asking to get pounced on.
  7. It is still the case. It's not as bad, but there are still performance differences. It's going to be slower no matter what because more data is being transferred. Also, MD5, SHA1, doesn't matter. It can be done in JavaScript, too. I'm speaking on the current system.
  8. I disagree. SSL uses more resources, slows down page loads, and adds costs. I don't think normal page loads need to be encrypted. Only sensitive data, like passwords, should be encrypted. Again, I fail to see how it would be worthless.
  9. No, it's not the exact same thing. Plain text can be used on other sites -- hashes cannot.
  10. You can easily MD5 hash a string with JavaScript... You're not thinking about it right. Traditionally, browsers send: login=someUser&passwd=somePassword with browser hashing, it would send: login=someUser&passwd=be3bb966fe47ca01c1609a25873e0192 So, on the post page, you'd just have to compare it like: md5( $salt . $_POST['pass'] ) With the rise of HTTPS, few sites send log in details in plain text. I think this would be a step in the right direction. Obviously, it can be broken, and still brute forced, but it helps protect against middle man attacks.
  11. That is great news. I missed having that functionality when going back and forth between Wordpress and IP.Board.
  12. It's meant to make it more difficult, not stop it completely. I fail to see how it would make things less secure. Sending passwords plain text vs hashed. Seems like a no brainer.
  13. For IP.Board 3.x, passwords are sent plain text. I normally don't see this as a problem. However, I recently worked with a website that was exploited, and the login file was modified, so that the unencrypted password was both sent to an E-Mail address and written to a text file on the server. Granted, the need for this is limited, but being that passwords are passed through MD5 anyway, if you do it with Javascript, prior sending the password, it would create an added layer of security. Obviously, you'd need a fall back for those who don't have JavaScript enabled. Adding a simple check on the action would solve that problem, though. You could always write your own in-house encryption system that's harder to recreate or brute force <_<
×
×
  • Create New...