Passwords
Passwords
Recently due to an innocent code error the DB credentials were exposed. The DB password was changed as a result and is no longer vulnerable. But in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change. I am sorry for any inconvenience. The reality is it is unlikely that even if the user table was compromised that your actual password would get cracked. Passwords are stored hashed and salted. It would take a highly skilled cracker to derive real passwords.
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Passwords
I came here to bitch and moan but you took all the air out of my moan tires. Thanks for the update. 
Re: Passwords
You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this 
fincs
Windows 11 Pro (Version 22H2) | AMD Ryzen 7 3700X with 32 GB of RAM | AutoHotkey v2.0.0 + v1.1.36.02
Get SciTE4AutoHotkey v3.1.0 -[My project list]
Windows 11 Pro (Version 22H2) | AMD Ryzen 7 3700X with 32 GB of RAM | AutoHotkey v2.0.0 + v1.1.36.02
Get SciTE4AutoHotkey v3.1.0 -
Re: Passwords
Thanks for your work. Yes, it's a "better safe than sorry".
Re: Passwords
+1fincs wrote:You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
-
Bruttosozialprodukt
- Posts: 463
- Joined: 24 Jan 2014, 22:28
Re: Passwords
It should also be mentioned that it was only revealed for like 5 minutes and I think it didn't even had the correct database name in it.
I also don't even think that you could connect to it without access to the servers php side.
I also don't even think that you could connect to it without access to the servers php side.
Re: Passwords
I appreciate your caution.in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change.
-
dmg
- Posts: 287
- Joined: 02 Oct 2013, 01:43
- Location: "Twelve days north of Hopeless and a few degrees south of Freezing to Death"
- Contact:
Re: Passwords
OK. Thanks for letting us know. What does setting the passwords to expire mean for us users? What do we need to do, and when?
"My dear Mr Gyrth, I am never more serious than when I am joking."
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact
Re: Passwords
Thanks for the heads up. I just changed mine to be safe.
Re: Passwords
Change your password incase someone managed to access the user table and found a way to guess your password
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Passwords
Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?tank wrote:I have set all passwords for all users to expire and require change.
Re: Passwords
you are the 11th poster in this thread.Chunjee wrote: Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?
whats more likely:
1. the 10 previous posters are all talking nonsense, and the site admin didn't really do what he said he did
2. you are the anomaly
Re: Passwords
3. They are set to expire tomorrow
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone
Going with 5.
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone
Going with 5.
Re: Passwords
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
Re: Passwords
I don't recall having to go through a password reset either
| 
| 
| 
CodeQuickTester | 
@geekdude-
Blackholyman
- Posts: 1293
- Joined: 29 Sep 2013, 22:57
- Location: Denmark
- Contact:
Re: Passwords
Me neither.
-
Bruttosozialprodukt
- Posts: 463
- Joined: 24 Jan 2014, 22:28
Re: Passwords
I definitely had to reset my password the day all this happened.
Who is online
Users browsing this forum: No registered users and 94 guests