Passwords
-
tank
- Posts: 2855
- Joined: 28 Sep 2013, 22:15
- Facebook: charlie.simmons.7334
- Google: ttnnkkrr
- GitHub: ttnnkkrr
- Location: Irving TX
- Contact:
Passwords
Recently due to an innocent code error the DB credentials were exposed. The DB password was changed as a result and is no longer vulnerable. But in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change. I am sorry for any inconvenience. The reality is it is unlikely that even if the user table was compromised that your actual password would get cracked. Passwords are stored hashed and salted. It would take a highly skilled cracker to derive real passwords.
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank
Re: Passwords
I came here to bitch and moan but you took all the air out of my moan tires. Thanks for the update. 
Re: Passwords
You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this 
fincs
Windows 10 x64 Build 18362 | AMD Ryzen 7 3700X with 32 GB of RAM | AutoHotkey v1.1.31.01
Get SciTE4AutoHotkey v3.0.06.01 - [My project list]
Windows 10 x64 Build 18362 | AMD Ryzen 7 3700X with 32 GB of RAM | AutoHotkey v1.1.31.01
Get SciTE4AutoHotkey v3.0.06.01 - [My project list]
Re: Passwords
Thanks for your work. Yes, it's a "better safe than sorry".
-
joedf
- Posts: 7889
- Joined: 29 Sep 2013, 17:08
- Facebook: J0EDF
- Google: +joedf
- GitHub: joedf
- Location: Canada
- Contact:
Re: Passwords
+1fincs wrote:You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
-
Bruttosozialprodukt
- Posts: 463
- Joined: 24 Jan 2014, 22:28
Re: Passwords
It should also be mentioned that it was only revealed for like 5 minutes and I think it didn't even had the correct database name in it.
I also don't even think that you could connect to it without access to the servers php side.
I also don't even think that you could connect to it without access to the servers php side.
Re: Passwords
I appreciate your caution.in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change.
-
dmg
- Posts: 287
- Joined: 02 Oct 2013, 01:43
- Location: "Twelve days north of Hopeless and a few degrees south of Freezing to Death"
- Contact:
Re: Passwords
OK. Thanks for letting us know. What does setting the passwords to expire mean for us users? What do we need to do, and when?
"My dear Mr Gyrth, I am never more serious than when I am joking."
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact
Re: Passwords
Thanks for the heads up. I just changed mine to be safe.
-
tank
- Posts: 2855
- Joined: 28 Sep 2013, 22:15
- Facebook: charlie.simmons.7334
- Google: ttnnkkrr
- GitHub: ttnnkkrr
- Location: Irving TX
- Contact:
Re: Passwords
Change your password incase someone managed to access the user table and found a way to guess your password
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank
Re: Passwords
Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?tank wrote:I have set all passwords for all users to expire and require change.
string-similarity.ahk
graphicsearch.ahk
biga.ahk
GitHubRe: Passwords
you are the 11th poster in this thread.Chunjee wrote: Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?
whats more likely:
1. the 10 previous posters are all talking nonsense, and the site admin didn't really do what he said he did
2. you are the anomaly
Re: Passwords
3. They are set to expire tomorrow
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone
Going with 5.
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone
Going with 5.
-
joedf
- Posts: 7889
- Joined: 29 Sep 2013, 17:08
- Facebook: J0EDF
- Google: +joedf
- GitHub: joedf
- Location: Canada
- Contact:
Re: Passwords
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
Re: Passwords
I don't recall having to go through a password reset either
AHKonsole - Class Based Console Library - Tetris!
CodeQuickTester
AppsKeyMenu-
Blackholyman
- Posts: 1292
- Joined: 29 Sep 2013, 22:57
- Facebook: socialjsz
- Google: +Jszapp
- Location: Denmark
- Contact:
Re: Passwords
Me neither.
-
Bruttosozialprodukt
- Posts: 463
- Joined: 24 Jan 2014, 22:28
Re: Passwords
I definitely had to reset my password the day all this happened.
Who is online
Users browsing this forum: No registered users and 4 guests