Topic: Autologin and passwords... (Page 1 of 1) Pages that link to <a href="http://ozoneasylum.com/backlink?for=23302" title="Pages that link to Topic: Autologin and passwords... (Page 1 of 1)" rel="nofollow" >Topic: Autologin and passwords... <span class="small">(Page 1 of 1)</span>\

 
Alevice
Paranoid (IV) Inmate

From: Mexico
Insane since: Dec 2002

IP logged posted posted 09-15-2004 01:02 Edit Quote

I just noticed that the password when the site automatically "logs in" is located in the password input in a very accesible way. It may be just a bit of paranoia, but I certainly wouldn't want my password to be located in such an easy way.

I know that the page is automatically generated with PHP, but someone (read, a bored hacker, or something) who may be able to access my comp can see my password.



__________________________________


Sexy Demoness cel

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

IP logged posted posted 09-15-2004 09:03 Edit Quote

or install a keylogger.

Once he's in front of your machine, you've lost anyhow.

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

IP logged posted posted 10-16-2004 02:27 Edit Quote

well, for the system to be able to put your password automatically into the password field it has to be either stored in your cookie or as in a reversible encryption in the database, right? Doesn't this make it a hell of a lot less secure (and more likely to be intercepted) than if once it registered your session it simply didn't have the fields appear and just continued with the previous session?

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

IP logged posted posted 10-16-2004 13:30 Edit Quote

it just doesn't matter. Having a session key would give the hypothetical 'in-front-of-your-machine' attacker excat the same amount of leverage that your password does.

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

IP logged posted posted 10-16-2004 18:33 Edit Quote

Of course, that's why it is an option

Convenience vs. security is a balance each person must undertake for themselves....

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

IP logged posted posted 10-17-2004 06:46 Edit Quote

True points all.

Webgirl
Obsessive-Compulsive (I) Inmate

From: Around
Insane since: Apr 2005

IP logged posted posted 06-26-2005 23:46 Edit Quote

Well whenever I posted I received a information that I had either a wrong user name or wrong password so everytime I muss give my password - I find it quite funny

Make my day and give me a smile

In like Flynn
Nervous Wreck (II) Inmate

From: TucsonWhere am I
Insane since: Jul 2005

IP logged posted posted 07-11-2005 02:03 Edit Quote

How do you log out?

Can't find my way outta here!!

This is one craaaaaaaaaaaazy place
in here.

Why am I here?
Why am I??

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

IP logged posted posted 07-11-2005 04:25 Edit Quote

You are not logged in.

So there is nothing to log out of.

White Hawk
Maniac (V) Inmate

From: zero divided.
Insane since: May 2004

IP logged posted posted 07-11-2005 22:36 Edit Quote

In like Flynn, you only 'log in' when you post, and only for the purpose of asserting your identity for the post. If you click 'Forget about me' below your password (and if paranoid, clear passwords and form data) then you will no longer see your username and password in the post box.

While viewing these pages, you are not logged-in. When you post, you are not logged-in either - just verified.

At least, I think that's right. *looks to the real Maniacs for confirmation*

faygo
Obsessive-Compulsive (I) Inmate

From: Detroit, Michigan
Insane since: Feb 2003

IP logged posted posted 08-03-2005 15:13 Edit Quote

Interesting...

-Faith
afaith.com

Webgirl
Nervous Wreck (II) Inmate

From: Around
Insane since: Apr 2005

IP logged posted posted 08-04-2005 00:39 Edit Quote

Are you satisfied now? - dont worry be happy

Make my day and give me a smile



Post Reply
 
Your User Name:
Your Password:
Login Options: Remember Me On This Computer
 
Your Text:
Loading...
Options: Show Signature
Enable Slimies
Enable Linkwords

« BackwardsOnwards »

Show Forum Drop Down Menu