Tweet
Was just wondering, when somebody is about to log in to MS and types in the username and password, is the password encrypted when it is sent over the net?
-
If you're fond of sand dunes and salty air,
quaint little villages here and there ... -
no. The password box is a simple text box that is POSTed to the server in plain text -
Pickles not entirely right, we're not using an https folder but the passwords are converted into funky characters by the php when you hit the submit button.... while the information itself is not encrypted, its changed when it travels over the internet and so its not in plain text... once it reaches the db, its stored there in the same format and so even as an admin, I cannot read your password in the database because it is changed
hope that helps
-e-www.mjwebhosting.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shittingOriginally posted by ace_dlComment
-
But we can change it to suckmyballsyoudirtymofo or whatever.
Comment
-
Right, thanks for the answer. The point of my question was to find out whether someone using a packet sniffer could pick up the passwords, not whether the admins can read them ...[...] so even as an admin, I cannot read your password in the database
Just curious about password security ... I ask myself the same thing everytime I log in to yahoo.If you're fond of sand dunes and salty air,
quaint little villages here and there ...Comment
-
You're wrong. I looked at the source code and it submits the plain text user/pass to the login.php, which might encrypt it... but it's still submitted over the network in plain text. I just verified this with a packet sniffer.Originally posted by Encryption
It's sent in plain text.Comment
-
they can pick it up but it would take a good bit of phpbb decoding to see how the passwords are restructured.....as I said, while the packet itself if not encrypted during its journey over the net, password itself is changed so no one truly knows what your password is
-e-www.mjwebhosting.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shittingOriginally posted by ace_dlComment
-
I sniff girls' panties.A good shower head and my right hand - the two best lovers that I ever had.Comment
-
According to -e-, Admins can't read them.Originally posted by herogee
Anybody else can if they're using a packet sniffer. I just verified this.Comment
-
-
how'd you verify this again ?Originally posted by picklemonkeywww.mjwebhosting.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shittingOriginally posted by ace_dlComment
-
no wait let me guess, you put a packet sniffer on your local machine and had it pick up the passwords ?
www.mjwebhosting.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shittingOriginally posted by ace_dlComment
-
I work in IT. I already have a packet sniffer installed.Comment
-
You da man picklez"The more corrupt the state, the more numerous the laws." - Tacitus (55-117 A.D.)
"That government is best which governs the least, because its people discipline themselves."
- Thomas JeffersonComment
-
damn, u PWNED Me on that one....
I find it hard to believe that its printing out the passwords directly on an http transfer, I know I read it somewhere on their forums that passwords are changed and transmitted over the net.....
guess that answers your Q herogee....
-e-www.mjwebhosting.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shittingOriginally posted by ace_dlComment
![PsynceFiction[MS]](data:image/svg+xml;base64,CgkJCTxzdmcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2aWV3Qm94PScwIDAgNTAgNTAnPgoJCQkJPHJlY3Qgd2lkdGg9JzEwMCUnIGhlaWdodD0nMTAwJScgZmlsbD0nIzYzOTJhYycgLz4KCQkJCTx0ZXh0IHg9JzUwJScgeT0nNTAlJyBmaWxsPSd3aGl0ZScgZm9udC13ZWlnaHQ9J2JvbGQnIGZvbnQtZmFtaWx5PSdBcmlhbCcgZm9udC1zaXplPSczMDAlJyBkb21pbmFudC1iYXNlbGluZT0nY2VudHJhbCcgdGV4dC1hbmNob3I9J21pZGRsZSc+UDwvdGV4dD4KCQkJPC9zdmc+CgkJ "PsynceFiction[MS]")
Comment