|
إنضمامك إلي منتديات استراحات زايد يحقق لك معرفة كل ماهو جديد في عالم الانترنت ...
انضم الينا
#1
| ||
| ||
I ran a little experiment (requiring essentially no knowledge of internet protocols or software), and unfortunately, my guess was correct: when a generic vb user logs onto vb, username and password are transmitted in the clear in a packet sent over the great big internet from your computer to the vb server. Code: ... vb_login_username=YOUR_USERNAME &vb_login_password=YOUR_PASSWORD &s= &securitytoken=YOUR_TOKEN &do=login &vb_login_md5password= &vblogin_md5password_utf= ... where the items in uppercase are just what you don't want to see passing in the clear. Sure, the passwords are hashed before being compared with a stored value at the PF server, but this is no use whatever if someone can sniff the username/password in the clear. Can someone clarify this for me? __DEFINE_LIKE_SHARE__ |
مواقع النشر (المفضلة) |
| |