Mirage Source http://miragesource.net/forums/ |
Password Sensitivity http://miragesource.net/forums/viewtopic.php?f=210&t=71 |
Author: | grimsk8ter11 [ Thu Jun 01, 2006 10:00 pm ] |
Post subject: | Password Sensitivity |
Originally posted by Baltan

ServerSide: look at your PasswordOK function:

Code:
Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
    Dim FileName As String
    Dim RightPassword As String

    PasswordOK = False

    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")

        ' UCase on both sides folds case, so any capitalisation matches
        If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then
            PasswordOK = True
        End If
    End If
End Function

This is VERY VERY bad security. Why do you ask? It says that password = PassWord = PaSsWoRd = PASSWORD. Case insensitivity, :|

Case-sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack.

So let's change that up, eh?

Code:
Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
    Dim FileName As String
    Dim RightPassword As String

    PasswordOK = False

    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")

        ' Plain "=" is case-sensitive under VB6's default Option Compare Binary
        If Trim(Password) = Trim(RightPassword) Then
            PasswordOK = True
        End If
    End If
End Function
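Added example (not part of the original post and not Mirage Source code): a Python model of the two comparisons in the post above, counting how many capitalisations of one stored password each check accepts and how much smaller the guessing space becomes when case is folded. The function names, the sample password and the letters-plus-digits alphabet are assumptions made for the illustration.

```python
# Added example: models the two VB6 checks from the post; ASCII passwords only.
from itertools import product
import string


def ok_case_insensitive(supplied: str, stored: str) -> bool:
    """Models: UCase(Trim(Password)) = UCase(Trim(RightPassword))."""
    return supplied.strip(" ").upper() == stored.strip(" ").upper()


def ok_case_sensitive(supplied: str, stored: str) -> bool:
    """Models: Trim(Password) = Trim(RightPassword)."""
    return supplied.strip(" ") == stored.strip(" ")


def case_variants(password: str) -> list:
    """Every upper/lower spelling of an ASCII password."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in password]
    return ["".join(combo) for combo in product(*choices)]


def accepted_counts(stored: str) -> tuple:
    """Number of case variants accepted by (case-insensitive, case-sensitive) check."""
    variants = case_variants(stored)
    loose = sum(ok_case_insensitive(v, stored) for v in variants)
    strict = sum(ok_case_sensitive(v, stored) for v in variants)
    return loose, strict


def keyspace_ratio(length: int) -> float:
    """Size of the exact-match search space relative to the case-folded one,
    for passwords of `length` characters drawn from letters and digits."""
    folded = len(string.ascii_uppercase + string.digits)  # 36 symbols
    exact = len(string.ascii_letters + string.digits)     # 62 symbols
    return (exact / folded) ** length


if __name__ == "__main__":
    stored = "PaSsWoRd1"  # constructed sample value
    loose, strict = accepted_counts(stored)
    print(f"{stored!r}: case-insensitive check accepts {loose} spellings, "
          f"case-sensitive check accepts {strict}")
    for n in (6, 8, 10, 12):
        print(f"length {n}: exact matching has {keyspace_ratio(n):.0f}x more candidates")
```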
Author: | lordgivemick [ Fri Dec 22, 2006 12:23 am ] |
Post subject: | Re: Password Sensitivity |
grimsk8ter11 wrote:
    Originally posted by Baltan

    ServerSide: look at your PasswordOK function:

    Code:
    Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
        Dim FileName As String
        Dim RightPassword As String

        PasswordOK = False

        If AccountExist(Name) Then
            FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
            RightPassword = GetVar(FileName, "GENERAL", "Password")

            If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then
                PasswordOK = True
            End If
        End If
    End Function

    This is VERY VERY bad security. Why do you ask? It says that password = PassWord = PaSsWoRd = PASSWORD. Case insensitivity, :|

    Case-sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack.

    So let's change that up, eh?

    Code:
    Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
        Dim FileName As String
        Dim RightPassword As String

        PasswordOK = False

        If AccountExist(Name) Then
            FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
            RightPassword = GetVar(FileName, "GENERAL", "Password")

            If Trim(Password) = Trim(RightPassword) Then
                PasswordOK = True
            End If
        End If
    End Function

This is something you all should have so that way other people can't get their account hacked as easily. If you do use it, don't forget to add that case is sensitive. SeE GoOd TuTs ShOuLdN't Be OlD.