Results 1 to 4 of 4

Visible Runcode Password

This is a discussion on Visible Runcode Password within the Bug Reporting forums, part of the vBSEO Google/Yahoo Sitemap category; While the runcode password is only a cookie for that session, it is stored unencrypted. I strongly suggest that it ...

  1. 12-19-2005 01:50 AM #1
    T2DMan
    T2DMan is offline
    Senior Member T2DMan's Avatar
    Real Name
    Michael Brandon
    Join Date
    Jul 2005
    Location
    Auckland, New Zealand
    Posts
    360
    Liked
    0 times
    Send a message via ICQ to T2DMan Send a message via AIM to T2DMan Send a message via MSN to T2DMan Send a message via Yahoo to T2DMan

    Visible Runcode Password

    While the runcode password is only a cookie for that session, it is stored unencrypted. I strongly suggest that it be encrypted, and done in such a way that even if you knew the php code, that it could not be unencrypted easily.

    Yes, all you need to do is close the browser and the cookie should be gone, but why have the risk.

    Many people may use the same password for many other applications, so it really is not worth it to leave accessable.
    T2DMan
    Search engine optimize vBulletin - over 55001 views
    or Contract me to onpage SEO your forum - experience the additional SERP improvements

    Reply With Quote Reply With Quote  
  2. 01-19-2006 09:55 AM #2
    MentaL
    MentaL is offline
    Senior Member MentaL's Avatar
    Real Name
    MentaL
    Join Date
    Oct 2005
    Location
    Wales
    Posts
    427
    Liked
    8 times
    Very good check especially for any future XSS problems that may happen, suprised the team didnt check this one already.
    Reply With Quote Reply With Quote  
  3. 01-19-2006 10:14 AM #3
    Keith Cohen
    Keith Cohen is offline
    Senior Member
    Real Name
    Keith Cohen
    Join Date
    Jul 2005
    Location
    Raleigh, NC USA
    Posts
    6,147
    Liked
    13 times
    I'd like to see the process changed a bit to allow passwords with special characters. If I wanted to use a password with a # in it, I can't because it's passed on the URL and the # screws it up.
    My Blog | GPS Discussion Forum
    Reply With Quote Reply With Quote  
  4. 01-19-2006 11:08 AM #4
    Oleg Ignatiuk
    Oleg Ignatiuk is offline
    vBSEO Staff Oleg Ignatiuk's Avatar
    Real Name
    Oleg Ignatiuk
    Join Date
    Jun 2005
    Location
    Belarus
    Posts
    25,744
    Liked
    169 times
    Thank you, it is implemented already and will be available in the next vBSEO Sitemap Generator release.
    Oleg Ignatiuk / Crawlability Inc.
    Security vbulletin - Patch Level for all supported versions released!

    Unveiling the NEW vBSEO Sitemap Generator 3.0. - available NOW for vBSEO Customers!
    Reply With Quote Reply With Quote  
« Bug with Showpost URL Counts | Show Post URL format »

Similar Threads

  1. Installation question: Please select a password.
    By bob in forum Troubleshooting
    Replies: 2
    Last Post: 02-04-2006, 10:10 PM
  2. This area is password protected.
    By Greg Watson in forum Troubleshooting
    Replies: 10
    Last Post: 10-30-2005, 03:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules