GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   password protection and security... More food for thought... (https://gfy.com/showthread.php?t=796528)

Deej 01-02-2008 03:17 PM
password protection and security... More food for thought...
 
OK so you have a members area...

Be it paysite or be it affiliate area... its all the same question here... BUT, if there is a significant difference, please do, elaborate as to why? besides free rides... im talking security...


ok, so is it fine and dandy to pull from a text file or passwd file as long as that file is properly protected as well... or is it much safer and smarter to pull from a database?

rhymes and reasons... I'm verklempt... talk amongst yourselves... I'll give you a topic...

Password security...

Dirty F 01-02-2008 03:20 PM
Scheisse!

AlienQ - BANNED FOR LIFE 01-02-2008 03:21 PM
The solution is simple yo...

Deej 01-02-2008 03:23 PM
Quote:
Originally Posted by AlienQ (Post 13593365)
The solution is simple yo...
This is an attempt to bring back real life thinking... instead of horse shit... so please, do elaborate...


Unless of course you cant reveal any more of your inventions....

esnem 01-02-2008 03:23 PM
i bought passwordsecurity.com over the weekend, good topic to discuss :)

Deej 01-02-2008 03:23 PM
Quote:
Originally Posted by Dirty F (Post 13593357)
Scheisse!
Dont be a pussy... book it ...

raymor 01-02-2008 03:58 PM
Quote:
Originally Posted by Deej (Post 13593349)
ok, so is it fine and dandy to pull from a text file or passwd file as long as that file is properly protected as well... or is it much safer and smarter to pull from a database?
I see no real difference between a flat file (.htpasswd) or a relational database (MySQL)
per se in terms of security. The database may be a bit more secure if it's
used ONLY for authentication because it would be harder for crackers to read.
However if that same database is accessible to other scripts such as a CMS
than crackers may be able to read the database more easily than from a
flat file, or vice versa. So that's a wash if the database is used for anything else,
or is accessible using the same user name and password used for other
databases.

Probably the biggest real life difference which is a distinction between flat
file versus relational per se has to do with how each is commonly used.
Often, systems which use a relational database such as MySQL to store
passwords will store those passwords in plain text, unencrypted. That's a
big no no security wise. A flat file will typically use DES encrpytion, which
is better than no encrpytion, but it's pretty weak. So score half a point for
flat text (.htpasswd). Both flat text (.htpasswd) and relational (MySQL) CAN
be used with strong encryption. Whether or not you use effective encryption
is probably 100 times more important than whether you use flat text or reltional.

Dirty F 01-02-2008 03:59 PM
Sig spot!

Deej 01-02-2008 11:04 PM
Quote:
Originally Posted by raymor (Post 13593615)
I see no real difference between a flat file (.htpasswd) or a relational database (MySQL)
per se in terms of security. The database may be a bit more secure if it's
used ONLY for authentication because it would be harder for crackers to read.
However if that same database is accessible to other scripts such as a CMS
than crackers may be able to read the database more easily than from a
flat file, or vice versa. So that's a wash if the database is used for anything else,
or is accessible using the same user name and password used for other
databases.

Probably the biggest real life difference which is a distinction between flat
file versus relational per se has to do with how each is commonly used.
Often, systems which use a relational database such as MySQL to store
passwords will store those passwords in plain text, unencrypted. That's a
big no no security wise. A flat file will typically use DES encrpytion, which
is better than no encrpytion, but it's pretty weak. So score half a point for
flat text (.htpasswd). Both flat text (.htpasswd) and relational (MySQL) CAN
be used with strong encryption. Whether or not you use effective encryption
is probably 100 times more important than whether you use flat text or reltional.
Quality Answer...

:thumbsup

Deej 01-02-2008 11:05 PM
Quote:
Originally Posted by Dirty F (Post 13593624)
Sig spot!
Damn, You're Sexy!


All times are GMT -7. The time now is 04:35 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123