vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Distributing Usernames/Passwords/etc. (https://vborg.vbsupport.ru/showthread.php?t=96609)

ManagerJosh 09-20-2005 02:33 PM
Distributing Usernames/Passwords/etc.
 
Can anyone give me some sample code & variables to start off with to hack up one of the Data APIs so I can distribute usernames/passwords/emails and any other misc. data :)

Marco van Herwaarden 09-20-2005 06:16 PM
No, that can not be done without reducing the vB security level to an unacceptable level (in my opinion).

ManagerJosh 09-21-2005 11:50 PM
Quote:
Originally Posted by MarcoH64
No, that can not be done without reducing the vB security level to an unacceptable level (in my opinion).
So how are we to distribute username/password information? Mind you password is already encoded... :/

Marco van Herwaarden 09-22-2005 03:44 AM
Maybe you should explain a bit more what you want to do.

ManagerJosh 09-22-2005 04:45 AM
During the registration process, submit usernames/passwords/emails to another database :)

Bug me more over IRC :p

Marco van Herwaarden 09-22-2005 12:23 PM
Another vB database?

Andreas 09-22-2005 12:27 PM
You can store the eMail and Username wherever you want.
The Password however never does reach your Server.

nexialys 09-22-2005 12:45 PM
if you play with the register.php file, you can create a sql query BEFORE the password is encoded to push the data in another dB, or send them by email, but why would you play with such a security risk ?!

Andreas 09-22-2005 12:47 PM
No you can't.
As said, the plaintext password never reaches the Server.

Marco van Herwaarden 09-22-2005 12:50 PM
PAssword already get's hashed on the client (javascript), and like kirby say it would be a huge security risk not to do so.

The only way that MIGHT be possible is to create teh user on the second system with the same salt, but not even sure it would work then.

Andreas 09-22-2005 12:52 PM
You can create as many users with the same password and different salts as you like :)

Marco van Herwaarden 09-22-2005 12:56 PM
Yes but since the client will only sent the hashed password with the salt to the server, you will need to use the same salt on the second database, if you want the hashed passwords to match.

nexialys 09-22-2005 01:02 PM
Quote:
Originally Posted by KirbyDE
No you can't.
As said, the plaintext password never reaches the Server.
simple, edit the javascript to send another version of the un-hashed password...

you always can modify everything to your wills... you just need to know why you do it and know the risks of doing so...

Marco van Herwaarden 09-22-2005 01:56 PM
We already said ti could be done, but only by lowering the security level vB is offering.

Andreas 09-22-2005 02:11 PM
@nexialy
Yes, this is possible ... however you only spoke about register.php.
Anyway, it's not recommended

ManagerJosh 09-22-2005 09:24 PM
Quote:
Originally Posted by KirbyDE
@nexialy
Yes, this is possible ... however you only spoke about register.php.
Anyway, it's not recommended
I don't want a plaintext password to be pushed around. That's too much of a security risk I'm willing to accept. I'm just wanting to push a MD5 password around.

I know vBulletin created the MD5 clientside as well as the our current Hashing for vB3.x.


All times are GMT. The time now is 11:34 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01019 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (16)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete