|
Secure login One of our members, who turned out to be a scammer, succeeded to generate an overload on my servers, claiming he could get in by using the log in information of one of my moderators, by intercepting his cookie. Even if this claim is not true, there has been a lot of discussion going on in my team to see what should be done. For the time being we now all disable the "remember me" to avoid the sending of cookies. One of my mods has this idea. Is this something that can be done?? Quote: I notice the login credentials are sent in the clear i.e. not using SSL/https: If I were doing an audit this would be a http://forums.watchuseek.com/images/.../rodekaart.gif Anyone scanning a public Wi-Fi network being used to log into WUS could capture username/password fairly easily. You might want to talk to V-bulletin about making a security upgrade here. |
| الساعة الآن 12:43 AM |
Powered by vBulletin® Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By
Almuhajir