Passwords

[tank]

Recently due to an innocent code error the DB credentials were exposed. The DB password was changed as a result and is no longer vulnerable. But in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change. I am sorry for any inconvenience. The reality is it is unlikely that even if the user table was compromised that your actual password would get cracked. Passwords are stored hashed and salted. It would take a highly skilled cracker to derive real passwords.

[jballi]

I came here to bitch and moan but you took all the air out of my moan tires. Thanks for the update.

[fincs]

You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this

[amnesiac]

Thanks for your work. Yes, it's a "better safe than sorry".

[joedf]

You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this

+1

[Bruttosozialprodukt]

It should also be mentioned that it was only revealed for like 5 minutes and I think it didn't even had the correct database name in it.

I also don't even think that you could connect to it without access to the servers php side.

[6Zptf]

in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change.

I appreciate your caution.

[dmg]

OK. Thanks for letting us know. What does setting the passwords to expire mean for us users? What do we need to do, and when?

[codybear]

Thanks for the heads up. I just changed mine to be safe.

[tank]

Change your password incase someone managed to access the user table and found a way to guess your password

[kidbit]

oh god, this is so lame

[Chunjee]

I have set all passwords for all users to expire and require change.

Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?

[guest3456]

Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?

you are the 11th poster in this thread.

whats more likely:

1. the 10 previous posters are all talking nonsense, and the site admin didn't really do what he said he did
2. you are the anomaly

[Chunjee]

3. They are set to expire tomorrow
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone

Going with 5.

[joedf]

You might need to read this : http://www.ehow.com/info_8246505_signs- ... tml#page=1

[GeekDude]

I don't recall having to go through a password reset either

[Blackholyman]

Same! no reset for me yet

[Sidola]

Me neither.

[Bruttosozialprodukt]

I definitely had to reset my password the day all this happened.