Jump to content

An idea about forums I thought I should share


Sparda

Recommended Posts

So, forums are generally very insecure (due to the lack of SSL usually).

What I would like to see is a feature where by a user account can have two passwords set to it. One password is effectively the 'admin' password for the account, so it's 'business as normal'.

The other password is presumed "likely to be known by the enemy" and allows some one who logs in with it to read, replies and create new threads/PMs but can't change any thing else in the account, this includes changing the 'insecure' password.

That is all, VaKo please implement ;)

Just kidding VaKo

Link to comment
Share on other sites

@10goto10: If someone is sniffing your traffic, he gets your login password which is different to the administration password. The attacker can post random things but can not delete or modify the account itself. For this he needs the administration or master password.

Of course the attacker can do a mitm-attack and displays a login page which prompts for the master password (let's say: authentication needs to be verified). Some users may enter the master password and by thus the attacker gets it. But I assume here users have experience with "100 percent genuine and valid paypal site click here" things ;-)

Link to comment
Share on other sites

@10goto10: If someone is sniffing your traffic, he gets your login password which is different to the administration password. The attacker can post random things but can not delete or modify the account itself. For this he needs the administration or master password.

Of course the attacker can do a mitm-attack and displays a login page which prompts for the master password (let's say: authentication needs to be verified). Some users may enter the master password and by thus the attacker gets it. But I assume here users have experience with "100 percent genuine and valid paypal site click here" things ;-)

So basically the added layer of "security" is that because you'll use the administration password less frequently, the chance of it being sniffed is also less. But in the end, both passwords are still equally easy to steal.

Even if the administrator passwords would be seldomly used, if the attacker is able to sniff your traffic and has your normal password, they would be able to log in and make use of a "Forgot your administrator password?"-link, and sniff the resulting traffic for the new password.

The fact that SSL increases system load shouldn't be a concern -- if that alone slows down your server that much, you should be investing in a new server. Besides, opting for a client-side solution (one that requires the user to remember TWO passwords while most have problems enough with just ONE) isn't a pretty solution, especially when it's not even that effective.

Link to comment
Share on other sites

Encryption increases system load.

In terms of what? Milliseconds.

SSL would be nice all around and should not be that much more of a burden on the site. We aren't running a bank or e-commerce site, so it isn't the end of the world but if money were involved, I would't use a site that didn't have at least SSL3, equivalent or better encryption.

That said, I think two passwords for a public forum is overkill. A lan system or domain for a corporate network where someone can wreck havok to the system, it makes sense, but not for normal users on the forums who don't really have any power over the network.

Link to comment
Share on other sites

In terms of what? Milliseconds.

SSL would be nice all around and should not be that much more of a burden on the site. We aren't running a bank or e-commerce site, so it isn't the end of the world but if money were involved, I would't use a site that didn't have at least SSL3, equivalent or better encryption.

That said, I think two passwords for a public forum is overkill. A lan system or domain for a corporate network where someone can reck havok to the system, it makes sense, but not for normal users on the forums who don't really have any power over the network.

Two passwords is the next best thing to having an SSL certificate (and much cheaper in basically all directions). In terms of implementation it should take all of about 10 lines of code (not that I know how to write IPB mods) and 1 extra field in the users table of the database.

The idea was that you can use the 'insecure' password where ever you are (open wifi at starbucks, on the bus, where ever) as if any one picks it up they basically can't do any thing with it except spam the forum. Only using the 'administrator' password on 'trusted' computers and connections when you want to make changes to the account.

People who understand why the forum has this functionality is unlikely to fall for any fishing attack.

Link to comment
Share on other sites

It will need a few more than just 10 lines. Sure you could write the login page, and register page with the 10 lines. But then theres going to be manipulation to the session handling, you will need to edit all the pages that will require the different permissions.

Here is the issue. you have two passwords. Why is that an issue? how the hell is the server to know which one your using securely? You could change the session data, but any one 1/2 skilled who trying to exploit you will soon release that there is a difference btwn the two cookies.

Second it will increase server load, to possibly the same level as SSL. SSL is easier to implement, so then why bother?

This isnt easy to code, though it is do-able. and i must say, for the for argument, it would stop keyloggers on public networks.

Link to comment
Share on other sites

It will need a few more than just 10 lines. Sure you could write the login page, and register page with the 10 lines. But then theres going to be manipulation to the session handling, you will need to edit all the pages that will require the different permissions.

Here is the issue. you have two passwords. Why is that an issue? how the hell is the server to know which one your using securely? You could change the session data, but any one 1/2 skilled who trying to exploit you will soon release that there is a difference btwn the two cookies.

Second it will increase server load, to possibly the same level as SSL. SSL is easier to implement, so then why bother?

This isnt easy to code, though it is do-able. and i must say, for the for argument, it would stop keyloggers on public networks.

The only increase in server load will be the server retrieving an extra field from the database (the additional password field). Then the server only has to maintain a extra session variable which indicates administrative and non administrative status.

Load increase is barely existent at one extra database field (with zero additional database requests) and a new server side boolean session variable. There will, of course, be the addition of a few if statements, but they take some thing in the region of <0.05ms to run.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...