04-10-2007, 12:59 PM
raymor
Quote:
Originally Posted by rotowa85
Blocking IP addresses is pointless, any good hacker will be using proxies.

Indeed, which is why you block those proxies using something like Strongbox.

Quote:
Originally Posted by rotowa85
I also think it's a bad idea to pick people's passwords for them,

Any reason for that? If you DON'T choose their passwords for them, a surprisingly
large number will choose the word "password" as their password. Another large
percentage will make their password the same as their user name, and their user name
is easy to get.

Quote:
Correct me if I'm wrong but I think CCBill uses computer generated usernames and passwords.

It can be set to generate user names and passwords, random ones that suck.
It can also be set to use GOOD user names and passwords generated by our tool.

Quote:
And the fact is that if you can get hold of a CCBill log file (which isn't very difficult from
some sites) and decrypt it (which isn't very difficult) you get access not only to all the passwords for that site but to the format that the usernames and passes are in, which makes creating a username:password list a lot easier.

Kind of close, but no. The CCBill log doesn't include the password and it's not encrypted.
Also this has nothing at all to do with choosing the user's password for them, BTW.
The CCBill log and other files are IDENTICAL whether the user chooses the password,
the password is random characters assigned by CCBill, or it's a good password generated
by our tool.
What you're thinking of is the password file, .htpasswd, which every password protected
site has. A very few sites store the list in a database rather than a file, but that makes
no difference because they are both just about equally readable. Way back in the day
the passwords in the password file used to be encrypted using a type of encryption called DES,
which can now be cracked in seconds. CCBill and the other processors all still use DES
as the default and make it easy for a cracker to get most of your passwords. We routinely
update the scripts that the processors give you to use a much stronger type of encryption
called "salted MD5".
More info about all of this can be found on this page:
http://bettercgi.com/strongbox/passgen/
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
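An added example, not part of raymor's post and not Strongbox code: a Python audit that reads a .htpasswd file and reports which entries are still in the 13-character DES crypt format the post describes and which are salted MD5 (`$apr1$`). It goes beyond the post by also recognising the `{SHA}` and bcrypt formats that Apache's htpasswd tool can write; the function names and the sample file are constructed for illustration.

```python
import re
from collections import Counter

# Hash-field formats found in Apache .htpasswd files. Prefixed formats are
# tested first so they never fall through to the bare 13-character DES form.
SCHEMES = [
    ("bcrypt",    re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")),
    ("apr1-md5",  re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}")),
    ("sha1",      re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    ("des-crypt", re.compile(r"[./A-Za-z0-9]{13}")),
]
# des-crypt: 12-bit salt and only the first 8 password characters count.
# sha1: no salt at all. unknown: malformed line or possibly plaintext.
WEAK = {"des-crypt", "sha1", "unknown"}

def classify(hash_field):
    for name, pattern in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name
    return "unknown"

def audit(text):
    """Return (findings, summary); a finding is (line, user, scheme, weak)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # Apache skips these lines too
            continue
        user, sep, hash_field = line.partition(":")
        scheme = classify(hash_field) if sep else "unknown"
        findings.append((lineno, user, scheme, scheme in WEAK))
    return findings, Counter(f[2] for f in findings)

# Constructed sample: made-up hashes of the right shape, except carol's,
# which is the unsalted SHA-1 of the word "password".
SAMPLE = """\
# members
alice:rqXexS6ZhobKA
bob:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
dave:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
erin
"""

if __name__ == "__main__":
    for lineno, user, scheme, weak in audit(SAMPLE)[0]:
        print(f"line {lineno}: {user:6} {scheme:10} {'RE-HASH' if weak else 'salted'}")
```

Entries flagged RE-HASH cannot be converted in place, because the file holds only hashes; they are replaced when the password is next set or reissued.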