Toribash
Condings, it's quite possible. I did notice this a long time ago where, if you could get on somebody else's computer you could theoretically steal their password and their TC. I think though, if hacking did occur, the staff would refund everything. I'd be more worried if a credit card number was encrypted.
Buy me food and tell me I'm cute.
Originally Posted by Twilight View Post
Condings, it's quite possible. I did notice this a long time ago where, if you could get on somebody else's computer you could theoretically steal their password and their TC. I think though, if hacking did occur, the staff would refund everything. I'd be more worried if a credit card number was encrypted.

If someone gets to your computer there is nothing we can do to stop it. We can't encrypt the password without it being visible for the client.

Going to Firefox / Preferences / Saved passwords would give the password as well if the users has been on the forum and saved the password there.

If you are only a public machine use /forgetme to remove the stored password.
We can not save password in browser. this is saved in a cookie. You don't need that much time to encrypt it and these data are not needed anywhere except the binary file. I think security is always good.
Originally Posted by hampa View Post
If someone gets to your computer there is nothing we can do to stop it. We can't encrypt the password without it being visible for the client.

Going to Firefox / Preferences / Saved passwords would give the password as well if the users has been on the forum and saved the password there.

If you are only a public machine use /forgetme to remove the stored password.

You know much more about this topic than I do but suppose the password could be encrypted locally on the computer where the client reads it and then sends it via an SSL connection to your servers. Encrypt it locally so that only the person that knows the password can actually view it by confirming their identity by typing it in.
Buy me food and tell me I'm cute.
Originally Posted by Twilight View Post
You know much more about this topic than I do but suppose the password could be encrypted locally on the computer where the client reads it and then sends it via an SSL connection to your servers. Encrypt it locally so that only the person that knows the password can actually view it by confirming their identity by typing it in.

So typing your password every time you open Toribash? I doubt that would be very popular.

Don't let people use your computers, if someone is on your computer consider it compromised.
-----
Originally Posted by ASSASSIN92 View Post
We can not save password in browser. this is saved in a cookie. You don't need that much time to encrypt it and these data are not needed anywhere except the binary file. I think security is always good.

Passwords are saved in clear text for your browser. Anyone who accesses your computer can see them.

If you use Firefox go to Preferences / Security / Saved Passwords

The sooner you realize this the better. Don't allow other people to access your computer. Period.
Last edited by hampa; May 10, 2014 at 10:46 AM. Reason: <24 hour edit/bump