Possible Security issue with user registration

18 years 4 months ago #1966 by geeffland
When the user presses submit for registration the module currently passes their name, username, password, and verifyPass (among the other registration data) all unencrypted. I noticed this by accident when using Firefox with the UrlParams extension loaded. Shouldn't this data be somewhat encrypted before being passed through the internet? Or is this somehow more secure than I think since it happens behind the php code (i.e. does not show up in the address bar)?... Using Firefox w/ UrlParams I could modify the username and click "Submit (new tab)" to get another user registered with minimal effort.

CB3PD Developer - CB Connector (formerly phpBB Connector) plugin


18 years 4 months ago #1971 by mortenhm
geeffland wrote:

Shouldn't this data be somewhat encrypted before being passed through the internet? Or is this somehow more secure than I think since it happens behind the php code (i.e. does not show up in the address bar)??...


It is not the least bit secure! :) The only way of really making it secure is to use some kind of encryption. The best way, in my opinion, is to use a transport layer encryption like ssl/https or vpn/ipsec.


CB could do some hashing but it would never be enough if security really is needed. As I recall I have read that the current hash functions (MD5, SHA1) have been broken or at least are too weak.

A quick Google found this article about the weak hashes.

--
Morten Holdflod Møller
CB3PD subscribemailman


18 years 4 months ago #2132 by beat
The best way to increase security on the transmission is to use https for that and once you are in a logged-in session.

I've contributed some little changes to Joomla for that purpose, making Joomla auto-detect https access and correct the liveSite setting on the fly so that the same pages can be accessed by http and https, and I think I saw them implemented in Joomla! 1.0.4. ;)

In the CB RC2 login module, there is a backend parameter for that purpose, which sends the login information securely, and logs into the https part.

Obviously, you will need to configure your hosting a little for that and get a certificate for https to avoid a user-level warning.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
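The approach described in this post (detect https, fix the base URL on the fly, and send the login/registration data only over the secure side) as an added example. This is not Community Builder or Joomla code; the function names, the canonical host value and the task names it checks are hypothetical, and it targets PHP 7.1 or later.

```php
<?php
// Added example, not Community Builder or Joomla code.
// Detect whether the current request arrived over TLS, build the base URL
// ("live site") with the matching scheme, and force the pages that carry
// credentials onto https. Function names, parameter names and the task
// names used below are hypothetical.

/** True when PHP reports that this request came in over TLS. */
function request_is_https(array $server): bool
{
    // Apache/mod_ssl and most SAPIs set HTTPS to "on" (IIS sets it to "off").
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Fallback for setups that leave HTTPS unset but listen on 443.
    return isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443;
}

/**
 * Base URL with the scheme of the current request, so a page reached over
 * https links and posts to https, and one reached over http keeps working.
 * $canonicalHost is a configured value, not the Host header, so a forged
 * Host header cannot steer self-links or redirects to another site.
 */
function live_site(array $server, string $canonicalHost): string
{
    $scheme = request_is_https($server) ? 'https' : 'http';
    return $scheme . '://' . $canonicalHost;
}

/**
 * For requests that serve or receive a password (task names passed in
 * $secureTasks), return the https URL to redirect to when the request came
 * in over plain http; null when no redirect is needed.
 */
function https_redirect_target(array $server, array $query, string $canonicalHost, array $secureTasks): ?string
{
    if (request_is_https($server)) {
        return null;
    }
    $task = strtolower((string) ($query['task'] ?? ''));
    if (!in_array($task, $secureTasks, true)) {
        return null;
    }
    return 'https://' . $canonicalHost . ($server['REQUEST_URI'] ?? '/');
}

// --- usage in the front controller, before any output is sent ---------------
$canonicalHost = 'www.example.com';                        // constructed configured value
$secureTasks   = ['login', 'registers', 'saveregisters'];  // hypothetical task names

$target = https_redirect_target($_SERVER, $_GET, $canonicalHost, $secureTasks);
if ($target !== null) {
    // Redirect the GET of the form page; the form itself then posts to https.
    // A redirected POST would lose its body, so the page must already be
    // secure before the user types anything into it.
    header('Location: ' . $target, true, 302);
    exit;
}

// Once on https, keep the session cookie off the plain-http side. Positional
// arguments (lifetime, path, domain, secure, httponly) work on every PHP version.
session_set_cookie_params(0, '/', '', request_is_https($_SERVER), true);
session_start();

// Self-links and the form action use the detected scheme, so the browser
// submits the credentials to the https URL rather than back to http.
$formAction = live_site($_SERVER, $canonicalHost) . '/index.php?option=com_comprofiler&task=registers';
```

The redirect is applied to the request that renders the form, not to the submission: if the form page itself is served over http, an on-path observer already sees the page and can change its action, so the upgrade has to happen before the user fills anything in. The `secure` cookie flag keeps the logged-in session from being replayed over http afterwards, which is the second half of this post's advice.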


18 years 4 months ago #2154 by mikko
There are still things in Joomla 1.0.4 that do not support https. One of these is the url to the little icon that shows in the url field of browsers.

mikko


18 years 4 months ago #2564 by beat
mikko wrote:

There are still things in Joomla 1.0.4 that do not support https. One of these is the url to the little icon that shows in the url field of browsers.

mikko


This is an omission/J! bug. You really need to/should post this very quickly into the 1.0 quality forum on the Joomla forum. J! 1.0.5 is due soon.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info


18 years 4 months ago #2602 by mikko
