Blockland Forums > General Discussion
The Blockland Bulletin
Sheath:
/controversy
Scout31:
I agree with Kalphiter, being one of the rare moments when I do.
Also, very biased against Ephi. Example:
--- Quote ---Twice in the discussion Ephialtes is shown to pass the responsibility of his decision onto Badspot and hide behind him to get away with his decisions.
--- End quote ---
Perhaps he felt as if Badspot could handle the issue better.
cucumberdude:
"Here is some attached code so you could possibly understand:Credentials are submitted raw."
You're joking right? Maybe I'm confused as to when encryption is supposed to happen.
As I understand, you use encryption on the passwords in the database, and on the plaintext password entered by users logging in...
--- Code: ---if(md5($_POST['password'] == md5($pass_from_db))
{
login
}
else
{
nope.avi
}
--- End code ---
Obviously, that's pseudo-code - input needs to be sanitized and whatnot.
Is there a way to directly encrypt post data?
EDIT: Just to clarify, passwords ARE encrypted.
DOUBLEEDIT: Just saw this.
--- Quote from: Kalphiter on March 09, 2011, 11:18:08 PM --- Based on a previous actions of Cucumberdude, I really don't expect anything good and stunning to come from him.
--- End quote ---
What? I don't think I've ever released any web sites to the forums before. I've made maybe one or two addons. What previous actions are you referring to?
Scout31:
You have no idea what you're doing. Stop, and come back in about a year.
Kalphiter:
--- Quote from: cucumberdude on March 09, 2011, 11:29:03 PM ---and on the plaintext password entered by users logging in...
--- End quote ---
There's your problem.
You just told us all that you have no clue what you're doing. We can't prove you're hashing them server-sided. If they are hashed a few times client-sided, we know that you cannot possibly harvest any passwords. You offered no evidence that you care and do not seem to have the knowledge to do so.