https login

[Dagless]

I put forward a suggestion for a secure login system. I know the site doesn't hold any major info, but there is a brothers section etc. and I'm sure many users on here access the site from internet cafes, work, and other such insecure environments.
Rashad, you're always looking for ways to break the si... er... I mean "embrace new technology". This could be one step into the future

 

[Cabdullahi]

before we implement a secure HTTP...i will need all the active users bank account details...its a research im doing....you know...i put things into database and see the correlation and stuff....

 

[Yanal]

Sounds interesting. How would it exactly work though?

 

[Dagless]

Sounds interesting. How would it exactly work though?

Normally only the login page has https rather than http. The user would see no real difference. However, I just checked and vbulletin don't support this so the whole site would have to be https. I guess forget it since it doesn't seem to be a common thing on vbulletin forums

 

['Abd Al-Maajid]

That's not gonna happen. It is worthless to to have a secure login page on this forum, even Facebook doesn't use secure login even though you share your personal information there. So forget it!

 

[Yanal]

Yes,although a suggestion that could be inmplented into the future.

 

[Dagless]

That's not gonna happen. It is worthless to to have a secure login page on this forum, even Facebook doesn't use secure login even though you share your personal information there. So forget it!

Facebook does have a secure login page if you type https. Calling something worthless because you thought Facebook didn't have it isn't worth responding to

 

[~Raindrop~]

What's the difference between http and https? :><:

 

[Dagless]

What's the difference between http and https? :><:

When you are on public networks your username and password is sent via plain text, so it's possible for anyone on that network to read. If it's https it's encrypted/secure.

 

[~Raindrop~]

How about if you use KeyScrambler? Doesn't that jumble all the letters up anyway?

 

[Dagless]

How about if you use KeyScrambler? Doesn't that jumble all the letters up anyway?

That's only to protect against keyloggers which are locally on the computer. I am talking about the connection from your pc to islamicboard.com.

 

[~Raindrop~]

Right...ok.
Sorry, i'm not very computer-literate :><:

 

[Dagless]

Right...ok.
Sorry, i'm not very computer-literate :><:

Well you are a little more now, but don't worry since nobody seems to think the idea is that important

 

['Abd Al-Maajid]

As you said brother Dagless, there are some sections which need more protection, I rather see it the other way, I believe there is nothing in brother's section for us to feel the need to conceal it if any admin's or user's account is compromised.

Moreover, it requires more $$$ for this, an it's not worth it.

 

[Dagless]

As you said brother Dagless, there are some sections which need more protection, I rather see it the other way, I believe there is nothing in brother's section for us to feel the need to conceal it if any admin's or user's account is compromised. Moreover, it requires more $$$ for this, I guess.

Thanks bro, that's pretty much the kind of answer I was looking for. I agree, there is nothing to hide (pm or forum). I suppose the reason for restriction is more to stop the trolling which goes on out here than to hide any information.
Not too much $$$. Certs can be bought quite reasonably these days, ~£10.

 

[أحمد]

Logging in involves comparing password hashes; one which is generated when a password is created or changed, with the one generated when the user enters his or her password. The old string comparison system is almost non-existent in the 21st century, although there are cases where its still used. https isn't about using cyphertext; thats a common misconception. https actually uses SSL certification, which is a system of authencitating the connection, not the inputted string. As a standard, SSL uses 128 bit security, which is designed to make it more difficult for a "hacker" to "listen" into the connection.

Can SSL be bypassed? Yes.
Is it easy to bypass? Generally speaking, no.

vBulletin uses MD5 hashes by default, which are reasonably secure for any forum standard. As long as a user doesn't use the password "qwerty", or anything short, simple and "guessable", including dictionary words, then its OK.

:wa:

 

[أحمد]

When you are on public networks your username and password is sent via plain text, so it's possible for anyone on that network to read. If it's https it's encrypted/secure.

SSL uses public IP verification; I don't think anymore needs to be discussed on this matter.

:wa:

 

[Dagless]

SSL uses public IP verification; I don't think anymore needs to be discussed on this matter.

:wa:

I don't know what you mean by this.

 

[أحمد]

I don't know what you mean by this.

In other terms, the forum is secure enough.

:wa:

 

[Dagless]

In other terms, the forum is secure enough.

:wa:

That doesn't explain "SSL uses public IP verification".