Reasons for using PMWiki's forum implementation?


Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#26: Aug 12th 2011 at 6:27:36 AM

If passwords are encrypted DB-side, then the only vulnerability is on the end-user's side: that being the risk that their local machine is compromised or that their connection is being snooped on. As Eddie said, that's the user's problem, not the wiki's.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
SilentReverence adopting kitteh from 3 tiles right 1 tile up Since: Jan, 2010
adopting kitteh
#27: Aug 12th 2011 at 8:06:54 AM

"troperhandle" and "mazeltov" are transferred and stored locally in plaintext, not even salted, and the authentication system apparently uses plain POST, Fighteer.

While I'm usually the first to jump on the "security is a process, users should learn" bandwagon (justifiedly), the truth is even if users are in enough of a position of knowpower to secure their computers proactively or reactively, they can very likely not secure their connections. Encryption at the backend does not transfer security to the frontend — companies that want to offer a safer frontend use SSL or an alternative.

Not saying that the current system is bad, considering that there's not much else to protect than the actual handle and that for most cases it's easy to recover (however, I foresee cases where someone will have their account compromised, used for trolling, leading to FE's favored strategy of Orwellian Retconning things, like posts, out of existence, which means content that can not be recovered), but pointing out that you shouldn't be claiming to offer security at a level that you're not and shifting blame on users for potential failures. That's Business CS 101.

Fanfic Recs orwellianretcon'd: cutlocked for committee or for Google?
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#28: Aug 12th 2011 at 8:11:19 AM

Who's claiming to offer security that they aren't? I don't recall Eddie ever making any such claims.

Surely we could SSL the login process, but someone's gotta spring for the certificate.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
juancarlos Faith in the self. Since: Mar, 2012
Faith in the self.
#29: Aug 12th 2011 at 8:11:39 AM

If passwords are encrypted DB-side, then the only vulnerability is on the end-user's side: that being the risk that their local machine is compromised or that their connection is being snooped on. As Eddie said, that's the user's problem, not the wiki's.

Yes, but the wiki should ensure its users' security and not make it a risk to make an account here.

edited 12th Aug '11 8:11:50 AM by juancarlos

"My life is my own" | If you want to contact me privately, please ask first on the forum.
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#30: Aug 12th 2011 at 8:15:45 AM

What risk? You have no personally identifiable information at all on your profile, unless you voluntarily choose to put it there. Similarly, if you're concerned about password security, use a different password. Honestly, I'm quite a bit less concerned about the security of my TV Tropes account than I am about, say, my bank account.

That said, it's not me you have to convince but Eddie that SSL encryption on logins is worth the effort and expense.

edited 12th Aug '11 8:16:16 AM by Fighteer

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
CyganAngel Away on the wind~ from Arcadia Since: Oct, 2010
Away on the wind~
#31: Aug 12th 2011 at 8:18:40 AM

If anybody wanted, at this point in time, it would be fairly easy for them to hack into the database and grab people's passwords.

Screw what you do with them elsewhere. What can they do with my account here? They can blank pages, vandalize things, harass Eddie via PM's, start creepy threads on the forum, and I will take the blame for it.

Similarly... If there's only a pretence at security, why do we even bother with passwords :/

There are too many toasters in my chimney!
juancarlos Faith in the self. Since: Mar, 2012
Faith in the self.
#32: Aug 12th 2011 at 8:21:09 AM

Exactly. It's not a matter of our security outside this very site, but it's a matter of our security inside this site, and what they can do with the things and the names in our accounts.

Not to mention that if the security holes are as big as they seemingly are, anyone can hack into an administrator account and start to really fuck things up in the wiki and in the forums.

"My life is my own" | If you want to contact me privately, please ask first on the forum.
shimaspawn from Here and Now Since: May, 2010 Relationship Status: In your bunk
#33: Aug 12th 2011 at 8:36:12 AM

The database is secure. The holes are all with how the password is sent to and from your computer. Once it hits the site, it's secure. It's just in between that's weak.

Reality is that, which when you stop believing in it, doesn't go away. -Philip K. Dick
annebeeche watching down on us from by the long tidal river Since: Nov, 2010
watching down on us
#34: Aug 12th 2011 at 11:12:54 AM

Look at it this way, Eddie. The reason why you won't make a quote button on this site is because you believe that they exist primarily for the abuse of trolls and you want to make that harder for them.

Well, if the system stores the passwords in plain text, any troll with an inkling of hacker skills will be able to extract the passwords from the system and hack any account. And then they can troll, troll to their heart's content.

So you want to make the trolls' jobs harder? All you have to do is improve the security.

Banned entirely for telling FE that he was being rude and not contributing to the discussion. I shall watch down from the goon heavens.
SilentReverence adopting kitteh from 3 tiles right 1 tile up Since: Jan, 2010
adopting kitteh
#35: Aug 12th 2011 at 11:36:17 AM

For what it's worth, I'm pretty sure SSL is definitively not worth it from a technical / development cost standpoint. It could be a good idea to salt the password with some kind of information that migrates with the user's browser profile, so that even if someone gets the cookie, they can not instantly use it (they'd likely have a different machine), they'd have to fetch the password at the time of submission. Of course, that means salting the password at the user storage stage, too.

One extra note, self-signed certificates are almost zero cost, I have generated those in a matter of two minutes and have had no issue. Apparently having no subdomains helps with that though...

edited 12th Aug '11 11:36:47 AM by SilentReverence

Fanfic Recs orwellianretcon'd: cutlocked for committee or for Google?
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#36: Aug 12th 2011 at 11:50:44 AM

annebeeche, the passwords are not stored in plaintext. I have no idea where you got this notion. They are in plain text on the end user's side, of course, in the cookie, but not in the master database. Cracking the server would not yield any useful information. At most you can compromise individual users' accounts by having access to their cookies or to their data stream.

Self-signing is hardly better than no signing; if you try that then everyone who visits the site will get a huge CERTIFICATE ERROR splash. Bad, bad idea for a major public site. Either do it properly or not at all.

Edit: I am not disputing the value of encrypted password storage on the end-user's side. It seems like a no-brainer security decision, but we're talking about a wiki, not a bank site. It's a matter of priorities, not absolute necessity. If you're that concerned about it in the meantime, don't register here.

edited 12th Aug '11 12:09:22 PM by Fighteer

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
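An added example, not code from this thread or from PMWiki: what the alternative to the design described in #35 and #36 looks like when the server keeps only a salted one-way hash (so nothing reversible, as #39 worries about) and the cookie carries a random session token instead of the password. The in-memory tables and the handle/password values are constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stand-ins for the wiki's user table and session store.
USERS = {}     # handle -> (salt, pbkdf2 hash); the password itself is never kept
SESSIONS = {}  # opaque cookie token -> handle; revocable server-side

ITERATIONS = 100_000  # slows offline guessing if the table ever leaks

def hash_password(password: str, salt: bytes) -> bytes:
    # One-way: the stored value cannot be turned back into the password,
    # unlike reversible encryption (the concern raised in #39).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(handle: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt; identical passwords hash differently
    USERS[handle] = (salt, hash_password(password, salt))

def verify(handle: str, password: str) -> bool:
    record = USERS.get(handle)
    if record is None:
        hash_password(password, b"\x00" * 16)  # same cost for unknown handles
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))

def login(handle: str, password: str):
    """Return the value to put in the cookie: a random token, not the password."""
    if not verify(handle, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = handle
    return token

def whoami(cookie_token: str):
    # Someone who copies this cookie gets this one session, not the password,
    # and the session can be revoked without the user picking a new password.
    return SESSIONS.get(cookie_token)

def change_password(handle: str, old: str, new: str) -> bool:
    # Requires the current password (a borrowed machine with a live cookie is
    # not enough, cf. #50) and logs out every existing session for the handle.
    if not verify(handle, old):
        return False
    register(handle, new)
    for token in [t for t, h in SESSIONS.items() if h == handle]:
        del SESSIONS[token]
    return True
```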
Ponicalica from facing Buttercup Since: May, 2010
#37: Aug 12th 2011 at 6:48:53 PM

« and the authentication system apparently uses plain POST, Fighteer.» Plain GET, actually, if I remember correctly.

the future we had hoped for
SR101 Since: Aug, 2011
#38: Aug 12th 2011 at 7:55:58 PM

The system, what there is of it, is here to increase the odds the edits are coming from something other than a script. That's it. Not to protect the accounts. The accounts are information-free and just add some features for the account.

That's a curious position to take on user accounts, and certainly not in line with what most people would expect from such a system. People stake their on-site reputations on these names, so having a poorly-implemented authentication system that does not guarantee identity is arguably worse than not having one at all. If the intention was to protect the site from automated attacks, the proper tools to use are those specifically geared towards protecting from those attacks, like captchas or heuristic tools such as Bad Behavior.

As an aside, the current authentication system seems to rely largely on security by obscurity, and would be vulnerable to bot-based attacks with minimal supervision. So even for its stated purpose, it seems to be unsuitably weak.

(Edit: SSL is a red herring here; encrypting credentials in transit does nothing to help when the site fails to check them in the first place. It's like putting a door key in a combination safe when there's no lock on the door to begin with.)

edited 12th Aug '11 7:59:11 PM by SR101

annebeeche watching down on us from by the long tidal river Since: Nov, 2010
watching down on us
#39: Aug 12th 2011 at 9:03:30 PM

Fighteer: Really? That was second-hand information coming from a criticism made by multiple people. I stand corrected.

I guess the password being stored in plain text on the cookie isn't as bad, but that means that it's unsafe to log in on a shared system where anybody can open the cookie and get your password.

Another thing:

I know that on the image uploader your password is already in the password bar. Question is, where does that password come from, the cookie or the system?

If it comes from the system, that means the encryption is reversible and that's not good.

edited 12th Aug '11 9:04:51 PM by annebeeche

Banned entirely for telling FE that he was being rude and not contributing to the discussion. I shall watch down from the goon heavens.
FastEddie Since: Apr, 2004
#40: Aug 12th 2011 at 9:45:19 PM

The cookie.

Goal: Clear, Concise and Witty
annebeeche watching down on us from by the long tidal river Since: Nov, 2010
watching down on us
#41: Aug 12th 2011 at 10:08:19 PM

Oh, okay.

Hey, have people suggested a password-changing feature before?

Banned entirely for telling FE that he was being rude and not contributing to the discussion. I shall watch down from the goon heavens.
juancarlos Faith in the self. Since: Mar, 2012
Faith in the self.
#42: Aug 12th 2011 at 10:09:32 PM

We have one.

"My life is my own" | If you want to contact me privately, please ask first on the forum.
annebeeche watching down on us from by the long tidal river Since: Nov, 2010
watching down on us
#43: Aug 13th 2011 at 12:23:03 AM

We have one? Where is it?

Banned entirely for telling FE that he was being rude and not contributing to the discussion. I shall watch down from the goon heavens.
juancarlos Faith in the self. Since: Mar, 2012
Faith in the self.
#44: Aug 13th 2011 at 12:27:29 AM

[1]

"My life is my own" | If you want to contact me privately, please ask first on the forum.
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#45: Aug 13th 2011 at 7:46:45 AM

it's unsafe to log in on a shared system where anybody can open the cookie and get your password.

It is always unsafe to log in on a shared system, regardless of whether the connection is SSL-encrypted, uses hashed password cookies, or any other security measures. The simple fact of keyloggers makes these protections useless.

The safest way to use a public system is to bring your own secure USB device that has a self-contained browser that leaves no traces on the host system — and to use a password safe that uses a non-loggable authentication method, like an on-screen graphical keyboard. Oh, and don't forget two-factor authentication, such as a hardware key or a biometric. And even those could theoretically be subject to esoteric forms of attack.

And all of this so you can post your opinions about Sonic The Hedgehog. Really, it's a matter of proportion.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Medinoc from France (Before Recorded History)
#46: Aug 13th 2011 at 9:39:25 AM

So, the important part is: DON'T REUSE YOUR PASSWORD. I changed mine yesterday due to reading this discussion.

edited 13th Aug '11 9:39:43 AM by Medinoc

"And as long as a sack of shit is not a good thing to be, chivalry will never die."
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
Lost in Space
#47: Aug 13th 2011 at 4:20:52 PM

A password store lets you generate unique high-entropy passwords that you don't need to worry about remembering because they're kept under a single master password. Hopefully you don't forget that one.

edited 13th Aug '11 4:21:06 PM by Fighteer

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
BlackHumor Since: Jan, 2001
#48: Aug 13th 2011 at 10:49:57 PM

Eh, complaint about the password changer:

If it fills the "new password" field with your current password automatically, what's the point of whiting out your old password? And it's not like you even need to autofill the box, because who would change their password to their current one anyway?

EnglishIvy Since: Aug, 2011
#49: Aug 13th 2011 at 11:01:37 PM

That sounds like it could lead to abuse.

Medinoc from France (Before Recorded History)
#50: Aug 14th 2011 at 3:09:36 AM

Yeah, if anyone gets access to your computer for two minutes, they can change the password and erase the cookies.

"And as long as a sack of shit is not a good thing to be, chivalry will never die."
Total posts: 50