Alan Chard - 2005-08-27 00:08:22
Olaf,
I have set up the access user class and expect to use it to register and control users on a new database-driven site. Thank you for your work.
While testing the forgotten password function I saw that the new password is sent back to the user in plain text in the source of the page that confirms that the password has been changed. Is this a security risk?
I am fairly new to php, so I have been studying the code to learn more. This is my first experience of OO code, so it is testing me; maybe I should have tried something easier to learn with.
Alan
Olaf Lederer - 2005-08-27 05:30:26 - In reply to message 1 from Alan Chard
hmmm.... good question. I don't think so, because the string is sent to the mail address of the owner. Of course if someone can enter this 32-char-long string into the login form together with the login, then at that moment the person has access, but is this really possible? If you think so, use a max length for the password field, e.g. a value of 30 chars, and inform the user about it during registration etc. By the way, the browser sends all strings unencoded across the internet. If you want to prevent this you have to use an SSL connection. If you're gonna try this, let me know if it's possible with this class (I never tried).
Thanks for this important question.
Patricia Machado - 2005-08-27 14:59:49 - In reply to message 2 from Olaf Lederer
Olaf: your work is great, but Alan has a point... sending a plain text pass is always a bad idea...
Why not send a password CAPTCHA image in the mail?
Or, if you want to send only plain text mails, send the user a link to the CAPTCHA pass...
I think we'll all be happy this way...
Greetings from Uruguay and don't give up...
Olaf Lederer - 2005-08-27 15:50:34 - In reply to message 3 from Patricia Machado
yes, you're right about what he said, let me think...
It looks to me a better idea to send some (md5 or other encrypted) string which is not the password but something else; this works well for forums and other software.
what do you think guys?
Patricia Machado - 2005-08-27 17:42:23 - In reply to message 4 from Olaf Lederer
It's a good idea too. I pointed out the image tip because that kind of solution (sending an image instead of text) is becoming more and more used now to send mail directions and other sensitive data over the network...
I think the mod you propose will make the data travel more safely...
In the end... all this is about obstructing the robbery of data, not preventing it. That is virtually impossible...
Alan Chard - 2005-08-29 21:06:30 - In reply to message 5 from Patricia Machado
Thank you for your replies and consideration of this, I'm fairly new to security stuff. I agree that sending the open text to the user's email address is a low risk. I thought later that the reply page could be a demonstration and that users of this class could write their own.
I will study the code more.
As a general issue, I cannot decide whether it is better to save something like the md5 digest of the password and then, when the user has forgotten the password, send them to a page that allows them to reset the password to something new, or to keep the password in the database so that it can be sent to the user on demand.
Alan
Olaf Lederer - 2005-08-29 21:40:27 - In reply to message 6 from Alan Chard
What you're gonna do depends on how you like to handle this kind of data:
If it's only a member system where you're the "master", then it's OK to store the password as it is.
But if you think that the personal login of a member has to be secret, then store an encrypted password.
I think the last one is the most common...
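The approach the thread converges on (store only a hash of the password, and on "forgot password" mail a random one-time string that leads to a reset page rather than the password itself) as an added example; this is editorial illustration code, not code from the access user class or any of the posters, and it assumes PHP 7.1+ with an in-memory array standing in for the database table.

```php
<?php
// Added example: forgotten-password flow that never stores or emails the
// plaintext password. The $db array is a constructed stand-in for a DB table.

const TOKEN_TTL = 3600; // reset link valid for one hour (assumed policy)

// Registration: keep only a salted hash, never the password itself.
function store_user(array &$db, string $login, string $password): void {
    $db[$login] = ['hash' => password_hash($password, PASSWORD_DEFAULT),
                   'reset' => null];
}

// Normal login: compare the submitted password against the stored hash.
function check_login(array $db, string $login, string $password): bool {
    return isset($db[$login]) && password_verify($password, $db[$login]['hash']);
}

// Step 1 of "forgot password": make a random, single-use token and store
// only its hash; the raw token is what goes into the emailed link. The
// caller should show the same "mail sent" page whether or not the login
// exists, so the form does not reveal valid logins.
function start_reset(array &$db, string $login): ?string {
    if (!isset($db[$login])) return null;
    $token = bin2hex(random_bytes(32));   // 64 hex chars from a CSPRNG
    $db[$login]['reset'] = ['hash' => hash('sha256', $token),
                            'expires' => time() + TOKEN_TTL];
    return $token; // mail e.g. https://example.invalid/reset?t=<token> (hypothetical URL)
}

// Step 2: the user follows the link and chooses a new password. The token
// must be unexpired, is compared in constant time, and is discarded after
// use, so a replayed or leaked link is useless once the reset has happened.
function finish_reset(array &$db, string $login, string $token, string $new): bool {
    $r = $db[$login]['reset'] ?? null;
    if ($r === null || time() > $r['expires']) return false;
    if (!hash_equals($r['hash'], hash('sha256', $token))) return false;
    $db[$login]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    $db[$login]['reset'] = null; // single use
    return true;
}

// Walk-through on constructed data: first reset succeeds, a replay of the
// same token fails, and the new password then logs in.
$db = [];
store_user($db, 'alan', 'old-secret');
$t = start_reset($db, 'alan');
var_dump(finish_reset($db, 'alan', $t, 'new-secret'));
var_dump(finish_reset($db, 'alan', $t, 'again'));
var_dump(check_login($db, 'alan', 'new-secret'));
```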