Sparda Posted September 5, 2008 Share Posted September 5, 2008 So, forums are generally very insecure (due to the lack of SSL usually). What I would like to see is a feature where by a user account can have two passwords set to it. One password is effectively the 'admin' password for the account, so it's 'business as normal'. The other password is presumed "likely to be known by the enemy" and allows some one who logs in with it to read, replies and create new threads/PMs but can't change any thing else in the account, this includes changing the 'insecure' password. That is all, VaKo please implement ;) Just kidding VaKo Quote Link to comment Share on other sites More sharing options...
Joerg Posted September 5, 2008 Share Posted September 5, 2008 I support this very good idea but personally I would prefer ssl encryption (why having a server if it's not fully loaded?). Quote Link to comment Share on other sites More sharing options...
10goto10 Posted September 5, 2008 Share Posted September 5, 2008 Why wouldn't they be able to get the "master password" the same way as they'd get the other password? Quote Link to comment Share on other sites More sharing options...
VaKo Posted September 5, 2008 Share Posted September 5, 2008 It would be a good idea, however technically I'm not skilled to design this. If you, or someone else reading this, can design an IPB mod that allows this, and it passes a testing phase then I will impliment it. Quote Link to comment Share on other sites More sharing options...
Joerg Posted September 5, 2008 Share Posted September 5, 2008 @10goto10: If someone is sniffing your traffic, he gets your login password which is different to the administration password. The attacker can post random things but can not delete or modify the account itself. For this he needs the administration or master password. Of course the attacker can do a mitm-attack and displays a login page which prompts for the master password (let's say: authentication needs to be verified). Some users may enter the master password and by thus the attacker gets it. But I assume here users have experience with "100 percent genuine and valid paypal site click here" things ;-) Quote Link to comment Share on other sites More sharing options...
Chris S Posted September 9, 2008 Share Posted September 9, 2008 Why not just use SSL for the login? Quote Link to comment Share on other sites More sharing options...
Joerg Posted September 10, 2008 Share Posted September 10, 2008 Encryption increases system load. Quote Link to comment Share on other sites More sharing options...
10goto10 Posted September 10, 2008 Share Posted September 10, 2008 @10goto10: If someone is sniffing your traffic, he gets your login password which is different to the administration password. The attacker can post random things but can not delete or modify the account itself. For this he needs the administration or master password. Of course the attacker can do a mitm-attack and displays a login page which prompts for the master password (let's say: authentication needs to be verified). Some users may enter the master password and by thus the attacker gets it. But I assume here users have experience with "100 percent genuine and valid paypal site click here" things ;-) So basically the added layer of "security" is that because you'll use the administration password less frequently, the chance of it being sniffed is also less. But in the end, both passwords are still equally easy to steal. Even if the administrator passwords would be seldomly used, if the attacker is able to sniff your traffic and has your normal password, they would be able to log in and make use of a "Forgot your administrator password?"-link, and sniff the resulting traffic for the new password. The fact that SSL increases system load shouldn't be a concern -- if that alone slows down your server that much, you should be investing in a new server. Besides, opting for a client-side solution (one that requires the user to remember TWO passwords while most have problems enough with just ONE) isn't a pretty solution, especially when it's not even that effective. Quote Link to comment Share on other sites More sharing options...
digip Posted September 10, 2008 Share Posted September 10, 2008 Encryption increases system load. In terms of what? Milliseconds. SSL would be nice all around and should not be that much more of a burden on the site. We aren't running a bank or e-commerce site, so it isn't the end of the world but if money were involved, I would't use a site that didn't have at least SSL3, equivalent or better encryption. That said, I think two passwords for a public forum is overkill. A lan system or domain for a corporate network where someone can wreck havok to the system, it makes sense, but not for normal users on the forums who don't really have any power over the network. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 11, 2008 Author Share Posted September 11, 2008 In terms of what? Milliseconds. SSL would be nice all around and should not be that much more of a burden on the site. We aren't running a bank or e-commerce site, so it isn't the end of the world but if money were involved, I would't use a site that didn't have at least SSL3, equivalent or better encryption. That said, I think two passwords for a public forum is overkill. A lan system or domain for a corporate network where someone can reck havok to the system, it makes sense, but not for normal users on the forums who don't really have any power over the network. Two passwords is the next best thing to having an SSL certificate (and much cheaper in basically all directions). In terms of implementation it should take all of about 10 lines of code (not that I know how to write IPB mods) and 1 extra field in the users table of the database. The idea was that you can use the 'insecure' password where ever you are (open wifi at starbucks, on the bus, where ever) as if any one picks it up they basically can't do any thing with it except spam the forum. Only using the 'administrator' password on 'trusted' computers and connections when you want to make changes to the account. People who understand why the forum has this functionality is unlikely to fall for any fishing attack. Quote Link to comment Share on other sites More sharing options...
jollyrancher82 Posted September 11, 2008 Share Posted September 11, 2008 This idea is bad. Just implement SSL. Quote Link to comment Share on other sites More sharing options...
Chris S Posted September 11, 2008 Share Posted September 11, 2008 This idea is bad. Just implement SSL. lol, being a noob on here I didn't want to come out and say it like that...but yeah....I second that. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 11, 2008 Author Share Posted September 11, 2008 This idea is bad. Just implement SSL. What if SSL isn't an option (for what ever reason)? Quote Link to comment Share on other sites More sharing options...
Emilml Posted September 11, 2008 Share Posted September 11, 2008 I think it sounds like a good idea it sounds fairly easy to do, it would be nice to see a feature like this in the forum or in the general IPB package ^.^ Quote Link to comment Share on other sites More sharing options...
Deveant Posted September 11, 2008 Share Posted September 11, 2008 It will need a few more than just 10 lines. Sure you could write the login page, and register page with the 10 lines. But then theres going to be manipulation to the session handling, you will need to edit all the pages that will require the different permissions. Here is the issue. you have two passwords. Why is that an issue? how the hell is the server to know which one your using securely? You could change the session data, but any one 1/2 skilled who trying to exploit you will soon release that there is a difference btwn the two cookies. Second it will increase server load, to possibly the same level as SSL. SSL is easier to implement, so then why bother? This isnt easy to code, though it is do-able. and i must say, for the for argument, it would stop keyloggers on public networks. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 11, 2008 Author Share Posted September 11, 2008 It will need a few more than just 10 lines. Sure you could write the login page, and register page with the 10 lines. But then theres going to be manipulation to the session handling, you will need to edit all the pages that will require the different permissions. Here is the issue. you have two passwords. Why is that an issue? how the hell is the server to know which one your using securely? You could change the session data, but any one 1/2 skilled who trying to exploit you will soon release that there is a difference btwn the two cookies. Second it will increase server load, to possibly the same level as SSL. SSL is easier to implement, so then why bother? This isnt easy to code, though it is do-able. and i must say, for the for argument, it would stop keyloggers on public networks. The only increase in server load will be the server retrieving an extra field from the database (the additional password field). Then the server only has to maintain a extra session variable which indicates administrative and non administrative status. Load increase is barely existent at one extra database field (with zero additional database requests) and a new server side boolean session variable. There will, of course, be the addition of a few if statements, but they take some thing in the region of <0.05ms to run. Quote Link to comment Share on other sites More sharing options...
Swathe Posted September 12, 2008 Share Posted September 12, 2008 I'm more inclined to support the SSl option but as mentioned if it isn't feasible, perhaps the two password option would be a good idea. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.