11-10-10 08:36 PM - Post#84858    

One of our forum members pointed out that our registration and logins should go to a secure layer, then back to the regular layer for reading and posting. His thought was if someone's at a coffee shop and logs in, someone on wifi could grab the password, which maybe the member uses on other sites.

Do I have something set up wrong, or is there a fix for this?

Site is

http://www.davedraper.com/fusionbb/index...

... if you need to see what's going on... but I assume everyone's setup is the same, no?

Thanks.

IronOnline weight training and nutrition forum http://www.davedraper.com/fusionbb/index...

11-11-10 09:29 AM - Post#84859    

    In response to Laree Draper

Passwords are NOT sent as clear text they are sent as an md5 hash so they are secure enough for a forum. If someone was to grab your password like he is explaining it could be eventually converted back to a clear text password but they would have to jump over many hoops.

The artist formerly known as scroungr Couch-Tomatoe

11-11-10 09:57 AM - Post#84860    

    In response to Couchtomatoe

Oh, excellent, thanks very much!

IronOnline weight training and nutrition forum http://www.davedraper.com/fusionbb/index...

11-11-10 10:02 AM - Post#84861    

    In response to Laree Draper

and this doesn't mean we can;t get better.. in 3.2 we will introduce salted passwords and maybe ssha1 passwords.. but its not something the user will see.. its all back end.. But if the user is concerned that their password will be cracked then maybe they need to store them better because while passwords can be brute forced (not cracked more of a guess) there shouldn't be anything on a forum that they wouldn't want to tell their mother.. or lawyer..

The artist formerly known as scroungr Couch-Tomatoe