
Daniel0
Staff Alumni
Posts: 11,885
Everything posted by Daniel0
-
I'll have to agree with premiso. I think some people wouldn't like the privacy implications it'll have as well.
-
I've lowered the requirements for password strength.
-
Storing passwords - converting to a better way
Daniel0 replied to IndynewToPhp's topic in MySQL Help
You could do that. It's a bit messy though.
-
Storing passwords - converting to a better way
Daniel0 replied to IndynewToPhp's topic in MySQL Help
Regardless of the hashing algorithm you choose, you need to use salting to make brute forcing and dictionary attacks more difficult. I'd recommend an application-wide static salt that never changes, coupled with perhaps a user-specific salt that changes e.g. when logging in. I'd probably go with a strong hashing algorithm like SHA-512, available through the hash() function.

As for changing the algorithm, that's a bit more difficult. You could keep the current password and then create a new field called "password_new" or something like that. When authenticating you'd check if password_new is empty and then use the old algorithm. Seeing as the password is supplied when authenticating, you'll be able to update to the new algorithm. This means, however, that you'll still be vulnerable to attacks using the old algorithm's weaknesses.

Another option would be to simply require all users to reset their passwords and send them an email informing them about it. The former has security implications, but is transparent to the user. The latter is more secure, but isn't transparent and requires the user to actively do something.
-
I overlooked this. It won't protect you from what you intended, but it's excellent for blocking CSRF attacks.
-
Sure it'll be safer than plain text, but I only think it'll be marginally safer. Hashing it without a salt or with a publicly known salt isn't really that secure. HTTPS is secure because it encrypts it using the public key of the server, and the server can decrypt it using its private key. You can just make a self-signed certificate or get a really cheap one. SSL is SSL regardless of the price you paid for the cert. It'll be the same encryption. The more expensive certs are expensive because they verify who the person/site is as well. You can only do it for passwords and other info you don't ever need in plaintext again though. Email addresses don't work using your method.
-
I haven't had more problems with Vista than any other OS.
-
[SOLVED] scandir() with a for loop Function not working
Daniel0 replied to emma57573's topic in PHP Coding Help
Moved.
-
I'll scream rape... Heh... the v flag wasn't even supposed to be there
-
Well, I mean what I said... E.g. counting blank lines:
grep -c '^$' test.txt
Number of lines:
wc -l test.txt
If you do not have access to a GNU/Linux install then you can use Cygwin.
-
You should be able to do all that using unix command line tools.
-
An HP dv9685eo. No luck with that. Strangely, the BIOS settings contain virtually no options for me to change. Mostly only the date and boot order.
-
Hmm... I'm not so sure about that. I get sound through the built-in speakers when there is no driver installed after all. Regardless, I'll be equally (un)lucky if the new mobo is broken or if there is a loose wire. I'll still have to turn it in and do without it for like three weeks again. I'll not be paying anything as I have an extended SLA that covers repair costs.
-
I hope someone can help me solve this issue. I just got my laptop back from repair, but now there is no sound. If I remove the drivers then I can get sound through the internal speakers, but the jack plugs do not work and inserting e.g. a headset into them won't mute the speakers. When the drivers are installed there is no sound whatsoever. The sound card is detected by the OS (Vista x64, but that's irrelevant because it doesn't work in Ubuntu either) and it claims to be playing sound, but nothing comes out. One of the things they did at repair was replacing the motherboard. Can anyone provide a logical reason why this would happen, or even better, a solution to the problem? I don't really feel like turning it in for repair again.
-
http://blogs.zdnet.com/Bott/?p=659 Here it's reported that for regular people there will only be three ones to choose between. Edit: The engadget link posted by nrg_alpha also says only three seeing as "Enterprise" is "available only in volume licenses" and that "Home Basic" is "only available in emerging markets" and "Starter" is otherwise not available normally. That leaves home premium, pro, and ultimate left.
-
Use http://img.youtube.com/vi/VIDEO_ID/default.jpg
-
Can anyone help identify the host for this site?
Daniel0 replied to dhcrusoe's topic in Miscellaneous
http://www.whoishostingthis.com/twcgreaterboston.org => http://www.interland.com/
-
You mean like this? http://www.phpfreaks.com/tutorial/debugging-a-beginners-guide
-
Please do not post links to download copyrighted material that you do not have the right to redistribute yourself.
-
I'll sticky this for further reference and in case other people might know books that people might find useful.
-
I can't remember when I've last used FTP. I always use SSH, SCP and SVN.
-
I've read some of SitePoint's Simply JavaScript. At the time I read it I found it pretty good.
-
[quote author=lukkyjay link=topic=119433.msg728404#msg728404 date=1193718287]
I'm just now starting to learn php for a project on my own site. I don't understand how a WYSIWYG would work with php, but that would be awesome if it were actually possible. Can you get specific about the best WYSIWYG for a beginner?
[/quote]
WYSIWYG is for HTML only. Best is a matter of personal preference and hence the reason why this and [url=http://www.phpfreaks.com/forums/index.php/topic,54859.0.html]this[/url] topic are created.
-
http://zend.com/studio (Zend Studio)