Gossamer Forum
Security?
Many Internet users apply the same login & password to many accounts.

For security, shouldn't GLinks user passwords be encrypted even from the admin?

Dave
Re: [dlpsr] Security? In reply to
No. After having managed a directory that received traffic in the few millions, I think the current password system, where the admin has full access, is very helpful.

Vishal
-------------------------------------------------------
Re: [SWDevil.Com] Security? In reply to
I am a big fan of Links but storing unencrypted passwords is very poor security.

It doesn't matter that the links etc. users submit aren't financial or sensitive data - basic internet security dictates that this is a security risk, not only to the site but the registered users of the site as well.

I can't see any advantage of it at all.
Re: [dlpsr] Security? In reply to
One word - GCommunity =) You can store encrypted passwords via that, which is a great feature :)

Cheers

Andy (mod)
andy@ultranerds.co.uk
Re: [Andy] Security? In reply to
My original question was actually a question to Gossamer-Threads, Inc. to consider
and not to stir a stink.

Scenario:
What if a crook buys GLinks? It's easy to then assume that a lot of users of GLinks
use the same password and login. Then the crook steals their identity etc. See what I was asking.

That was my intent, not to mess up anyone's Links etc. If I were the developer, it would definitely
have the passwords encrypted. The liability that comes into play is just too great to risk.

Of course I'm not the developer so you can do it any way you like. I'm no risk. :)
I do know there are enough no-goods on the web to stumble on it though.

IMHO, passwords should always be encrypted. Period.

Dave
Re: [dlpsr] Security? In reply to
We try to use encrypted passwords when we can, but for Gossamer Links, it isn't used due to backwards compatibility issues. We might implement something like Gossamer Forum, where the admin can choose whether or not to encrypt the passwords, in a future release.

In Reply To:
What if a crook buys GLinks? It's easy to then assume that a lot of users of GLinks
use the same password and login. Then the crook steals their identity etc. See what I was asking.
If they can manage to get people to sign up, then there's not much you can really do about that. Even if we forced password encryption, it's easy enough for someone to change the code to send them the unencrypted password.

Adrian
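
The backwards-compatibility concern raised in the last reply can be handled by upgrading stored records in place. The following is an added example, not code from Gossamer Links or from any poster in this thread: it assumes a hypothetical user table (a plain dict of login to stored value) and uses a salted one-way PBKDF2 hash as the "encrypted" form the thread refers to.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000      # assumed work factor; tune for your hardware
PREFIX = "pbkdf2_sha256"  # marks records that are already hashed

def hash_password(password):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${digest.hex()}"

def is_hashed(stored):
    # Assumption: no legacy plaintext password has this exact shape.
    # A real schema would use a separate "scheme" column instead.
    parts = stored.split("$")
    return len(parts) == 4 and parts[0] == PREFIX

def verify(stored, candidate):
    """Check a candidate against either a hashed or a legacy plaintext record."""
    if is_hashed(stored):
        _, iters, salt_hex, digest_hex = stored.split("$")
        digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(digest.hex(), digest_hex)
    return hmac.compare_digest(stored.encode(), candidate.encode())

def login(users, name, candidate):
    """Authenticate; on success, silently upgrade a legacy plaintext record."""
    stored = users.get(name)
    if stored is None or not verify(stored, candidate):
        return False
    if not is_hashed(stored):
        users[name] = hash_password(candidate)
    return True

def migrate_all(users):
    """One-off batch conversion; possible because the plaintext is on hand."""
    converted = 0
    for name, stored in users.items():
        if not is_hashed(stored):
            users[name] = hash_password(stored)
            converted += 1
    return converted
```

After `migrate_all` has run, the plaintext branch in `verify` can be deleted, and the admin panel can only reset a password, not display it.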