miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
The Other miniBB Support Forums / The Other /  
 

admin password security

 
Author webseeker
Partaker
#1 | Posted: 22 Apr 2002 20:00 
First I want to say how much I love this little board. But (there's always a but) I was wondering, the user passwords are crypted but why is the admin pass left in clear text in the options file instead of crypted and placed in the DB? Leaving the admin pass in clear text can't be good.

Maybe I'm missing something. I've changed my pass in preferences (at least I go through the motions) but the auth for admin doesn't use the new pass, it still looks at the pass in the options file.

Tell me if I'm missing something that's right in front of my face. If not, is there plans to rectify this in later releases? So far this is the only negative I can see with this BB.

Peace...

Author Team
8-)
#2 | Posted: 23 Apr 2002 10:20 
webseeker
it still looks at the pass in the options file
Yes, that's true. Manual describes it.

As for admin password, you are right, the only place where it is opened is options file. So, is it secure? We apologise, yes. In options file, there are also more important password saved, for example, password and login to sql database. This is php file, so if you simply run it in browser, it will display NOTHING. And, we think, it is more secure that keeping encrypted passwords in database. Because NOBODY except owner of forums can change it and view it, and you can do it ONLY via FTP, not directly from browser. So, it is secure, don't worry :)

Beginning from the version 2.0, it's also possible to store admin's password directly encoded as MD5 hash.

The Other miniBB Support Forums / The Other /
 admin password security
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑