vb.org Archive
Page 5 of 6 « First 34 5 6
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.7 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=228)
-   -   Administrative and Maintenance Tools - Password Security Tools (https://vborg.vbsupport.ru/showthread.php?t=187980)

RedTrinity 08-17-2008 04:31 AM
Quote:
Originally Posted by John (Post 1599437)
Try the attached passsec.php in the above post.
Thanks John, works great now!!! 12 out of 1,009 members isn't too bad I suppose :D

Great mod, thanks again for sharing it with us :)

sinucello 08-18-2008 05:40 AM
Hi,

for some reason the phrase:
Code:
<phrasetype name="Access Masks" fieldname="accessmask">
                        <phrase name="username_cannot_equal_password" date="1218509082" username="John" version="1.0.0"><![CDATA[Your password cannot be the same as your username.]]></phrase>
                </phrasetype>
couldn`t be found and I had to add a new phrase with the same name for the product "vBulletin", phrase type "Error Messages" to make the error message appear in the user-registration dialogue.

all the best,
Sacha

sinucello 08-18-2008 05:53 AM
Hi,

hm, is it correct that vBulletin doesn`t offer an option to set the min. password length? If so, could you add that as a feature for your mod?

all the best,
Sacha

John 08-19-2008 04:59 AM
Quote:
Originally Posted by sinucello (Post 1601200)
Hi,

hm, is it correct that vBulletin doesn`t offer an option to set the min. password length? If so, could you add that as a feature for your mod?

all the best,
Sacha
For some reason the vBulletin developers think that client-side hashing is a more valuable feature than being able to prevent poor quality passwords from being used by members. vBulletin's client-side hashing feature means that it's impossible to do any checks on the password, since it never reaches the server in clear text form. If someone intercepts your network traffic they can still gain access to your account using the md5 hash. The only protection offered is that in the rare event that this happens, the original clear text password won't be discovered. (Following the safe practice of using different passwords on different sites thwarts this.)

Anyway, the short answer is no - without disabling client-side md5 hashing it's impossible to check password length.

sinucello 08-19-2008 05:27 AM
Hi,
Quote:
Originally Posted by John (Post 1602063)
Anyway, the short answer is no - without disabling client-side md5 hashing it's impossible to check password length.
thanks very much for your detailed answer. I added a password info-text, use your editable list of banned passwords and hope that someday the devs will change their minds.

all the best,
Sacha

Hornstar 08-20-2008 05:50 AM
finally vb will be adding this to there next release later this week (or next)

puertoblack2003 08-26-2008 08:21 PM
just curious now that vb implement this should this hack be required? or keep it as an extra secured feature?

lord_of_chaos 08-27-2008 04:32 PM
VB doesn't check for common words.

Alfa1 08-28-2008 02:08 PM
Does this hack needs to be updated, now that vbulletin has implemented part of the functionality? I assume that they coded it in a different way than John did.

Is there or will there be, a password strength bar?

sinucello 08-28-2008 02:58 PM
Hi,
Quote:
Originally Posted by Alfa1 (Post 1609059)
Does this hack needs to be updated, now that vbulletin has implemented part of the functionality? I assume that they coded it in a different way than John did.

Is there or will there be, a password strength bar?
I just upgraded to 3.7.3 with this mod installed. Everything works but the "username/pw have to be unique" error message will appear twice. So I disabled the mod though vB doesn`t have the list of unwanted passwords feature.

hth,
Sacha


All times are GMT. The time now is 03:37 PM.
Page 5 of 6 « First 34 5 6
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01059 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete