Topic: Autologin and passwords... (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=23302" title="Pages that link to Topic: Autologin and passwords... (Page 1 of 1)" rel="nofollow" >Topic: Autologin and passwords... <span class="small">(Page 1 of 1)</span>\

 
Alevice
Paranoid (IV) Inmate

From: Mexico
Insane since: Dec 2002

posted posted 09-15-2004 01:02

I just noticed that the password when the site automatically "logs in" is located in the password input in a very accesible way. It may be just a bit of paranoia, but I certainly wouldn't want my password to be located in such an easy way.

I know that the page is automatically generated with PHP, but someone (read, a bored hacker, or something) who may be able to access my comp can see my password.



__________________________________


Sexy Demoness cel

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 09-15-2004 09:03

or install a keylogger.

Once he's in front of your machine, you've lost anyhow.

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted posted 10-16-2004 02:27

well, for the system to be able to put your password automatically into the password field it has to be either stored in your cookie or as in a reversible encryption in the database, right? Doesn't this make it a hell of a lot less secure (and more likely to be intercepted) than if once it registered your session it simply didn't have the fields appear and just continued with the previous session?

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 10-16-2004 13:30

it just doesn't matter. Having a session key would give the hypothetical 'in-front-of-your-machine' attacker excat the same amount of leverage that your password does.

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 10-16-2004 18:33

Of course, that's why it is an option

Convenience vs. security is a balance each person must undertake for themselves....

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted posted 10-17-2004 06:46

True points all.

Webgirl
Obsessive-Compulsive (I) Inmate

From: Around
Insane since: Apr 2005

posted posted 06-26-2005 23:46

Well whenever I posted I received a information that I had either a wrong user name or wrong password so everytime I muss give my password - I find it quite funny

Make my day and give me a smile

In like Flynn
Nervous Wreck (II) Inmate

From: TucsonWhere am I
Insane since: Jul 2005

posted posted 07-11-2005 02:03

How do you log out?

Can't find my way outta here!!

This is one craaaaaaaaaaaazy place
in here.

Why am I here?
Why am I??

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 07-11-2005 04:25

You are not logged in.

So there is nothing to log out of.

White Hawk
Maniac (V) Inmate

From: zero divided.
Insane since: May 2004

posted posted 07-11-2005 22:36

In like Flynn, you only 'log in' when you post, and only for the purpose of asserting your identity for the post. If you click 'Forget about me' below your password (and if paranoid, clear passwords and form data) then you will no longer see your username and password in the post box.

While viewing these pages, you are not logged-in. When you post, you are not logged-in either - just verified.

At least, I think that's right. *looks to the real Maniacs for confirmation*

faygo
Obsessive-Compulsive (I) Inmate

From: Detroit, Michigan
Insane since: Feb 2003

posted posted 08-03-2005 15:13

Interesting...

-Faith
afaith.com

Webgirl
Nervous Wreck (II) Inmate

From: Around
Insane since: Apr 2005

posted posted 08-04-2005 00:39

Are you satisfied now? - dont worry be happy

Make my day and give me a smile



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu