Quote:
Originally Posted by raymor
No, that's not what I mean. Well, that's a small part of it.
Just using random passesthey can and often are ripped just the same as
if the user chooses them, which is why Frog has to issue new passwords,
because the original passwords aren't secure. There is more that we
do to make sure that crackers can't get the passwords, unless of course
the member gives it out.
All it takes is one line in his .procmail file and then the server side include
in the page keeps it updated. I don't have to PICTURE this happening, I SEE
it all day long in the wild.
That is NOT correct. Several people use Strongbox with a similar zip set type
site, and at a reasonable price. Strongbox is not priced per protected area,
but per site.
|
So your saying random alphanumeric with special charactors is LESS secure then the passwords that strongbox uses for preventing brut force attacks from getting a successfull user/pass....
Maybe its just me, but RANDOM alphanumeric with special charactors is about as secure a password as you can create.
Or are you just talking about that picture that members have to enter, the one that every member hates have to fill in to get into the site?
Seems to me most of the big password sharing sites are forums, I dont know of many forums that alow php tags in posts.
And even then I would be surprised if you got one user a week that would do this and require you to manually dissable his account. That seems a whole lot less work then having to deal with users every single day all the time.
I have only heard of one person using strongbox with zips, and how they got it working is well interesting I guess you would call it. Everyone else says not to even try using strongbox for zips.