Haha. Yep. Still doesn't work 100% right...
Tue Sep 24, 2019 3:54am

Stupid cookies... even with all the "Spring Magic" taking care of 99% of it, there's still some weirdnesses about.

    • See? How much more work was it that you had to implement log - Puckdropper, Tue Sep 17 2019 11:40pm
      in? I knew what I was blabbering about.
      • Haha. Yep. Still doesn't work 100% right...- Erik, Tue Sep 24 2019 3:54am
        • I wonder what the Internet would look like - Puckdropper, Sat Sep 28 2019 6:11pm
          with a redesign a little more security conscious, a little more general purpose programming aware, and understanding things like state. Oh, and doing things like actually letting smart people handle security. Just tell the system it's a password and let it figure things out from there. Don't kn... more
          • That's exactly why I left it to 'Spring Magic' - Erik, Tue Oct 01 2019 3:35am
            Passwords are hashed using the BCrypt library so no actual passwords are stored in the DB and all the log in / log out legwork is handled by the Spring library. If I was to implement my own, it would most likely have security holes galore and not work right. The weirdness now with the log in i... more
            • I rolled my own...well kinda - Puckdropper, Wed Oct 02 2019 2:45pm
              I didn't have any other option at the time. It's a clever and secure-ish way of doing things, but time has passed it by. Data goes to the server (a hole, I know) and gets hashed (using an old hash function), then stored in the database. I salted the hash, but I didn't know you should use different... more
              • it's probably fine (like you said.) So, if someone was to figure out the salt for your passwords, would they be able to decrypt all passwords in your database? Even with using an encryption library for the passwords, probably shouldn't be using any shared or important passwords here either. ... more
                • They wouldn't bother. They'd just rainbow table that thing - Puckdropper, Fri Nov 08 2019 4:06pm
                  up and have it figured out in maybe an hour's worth of computing time. (Now, back 10 years ago it was a couple years worth.) I like to tell people there's three passwords that should be unique: Your bank, your Facebook, and your e-mail. Everything else, it's hard to do much irreversible damage. ... more
                  • I usually have three levels of passwords based on.. - Erik_, Sat Nov 09 2019 3:55am
                    how secure I need it to be. Ex: level 1 top security would be unique hard passwords for work and banks and such. Then level 2 for middle ground and then easier level 3 passwords for stupid throw away stuff. Even then though with having to reset passwords after x amount of time being more common,... more
                    • That's pretty close to how I handle things. - Puckdropper, Sun Nov 10 2019 3:13pm
                      I can't remember every password and my password manager isn't always accessible. And if it's on the phone, it's not convenient for the computer. Too bad user accounts are so effective at preventing spam.
"Don't quote me." - Erik
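The salt point Puckdropper raises above (one site-wide salt versus a different salt per user) and Erik's reason for leaving it to a library, shown as an added example that is not code from either poster. It uses Python's standard-library PBKDF2 as a stand-in for bcrypt (a constructed assumption; the work factor plays the role of bcrypt's cost), with constructed sample passwords, and counts how many users end up with an identical stored digest: a shared salt leaves equal passwords with equal digests, so one precomputed table covers the whole database, while per-user random salts do not.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 100_000  # work factor; bcrypt's cost parameter serves the same purpose

# Constructed sample data: three users, two of whom chose the same password.
SAMPLE_PASSWORDS = ["hunter2", "correct horse battery", "hunter2"]
SHARED_SALT = b"site-wide-salt"  # the one-salt-for-everyone design


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn per call unless one is supplied."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def shared_salt_collisions(passwords, shared_salt: bytes) -> int:
    """Number of users whose stored digest duplicates another user's under one shared salt."""
    digests = [hash_password(p, shared_salt)[1] for p in passwords]
    return len(digests) - len(set(digests))


def per_user_salt_collisions(passwords) -> int:
    """Same count when every user gets their own random salt."""
    digests = [hash_password(p)[1] for p in passwords]
    return len(digests) - len(set(digests))


if __name__ == "__main__":
    print("shared salt duplicates:", shared_salt_collisions(SAMPLE_PASSWORDS, SHARED_SALT))
    print("per-user salt duplicates:", per_user_salt_collisions(SAMPLE_PASSWORDS))
    salt, digest = hash_password("hunter2")
    print("verify correct:", verify_password("hunter2", salt, digest))
    print("verify wrong:", verify_password("hunter3", salt, digest))
```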