ai cookie showing clear password (and user name)

niji

do you think it is a good idea that in the cookie you put onto our machines you show both our user name and the password uncrypted? the password should not be plainly recognizable as it is now.

can you imagine that if someone logs onto ai forums with the password being clearly visable as it is, then anyone can steal that password. identity theft is not pretty.

will you change this? or, at the very least, will you inform the general membership about yr low level (non) secure cookies?



[ 02-04-2003: Message edited by: niji ]</p>

ghost_user_name

Unfortunately we have no control over how the UBB software instructs your browser to store its cookies. I personally do not consider this a major security concern. It's not like your forum password is going to give someone access to your social security number or credit cards or home address and phone number. If you are concerned about your own privacy here, just remember to log out and clear your cookies when you are finished browsing at AppleInsider.



Besides, wouldn't someone have to have access to your computer anyway to browse through your cookie files? By the time someone got on your somputer, I think the last of your concerns would be of keeping your password to a chat forum private.



Or is this where those infamous security holes in Microsoft Internet Explorer come into play?



Of course, I'm no cookie expert. <img src="graemlins/hmmm.gif" border="0" alt="[Hmmm]" /> So, how exactly is this a serious threat?



[ 02-04-2003: Message edited by: Brad ]</p>

cosmo

[quote]Originally posted by Brad:

<strong>

Of course, I'm no cookie expert. <img src="graemlins/hmmm.gif" border="0" alt="[Hmmm]" />

[ 02-04-2003: Message edited by: Brad ]</strong><hr></blockquote>



You may not be an expert, but there is a cookie monster out there and i for one don't want him seeing my password...



[quote]C is for cookie...<hr></blockquote>





ok its late and i'm tired, it seemed funny in my head

niji

its really hard to accept a system administrator thinking that this wouldnt be serious. anyway.



how many passwords do you have? do you think that people have a different password for each and every passworded site?? no. I dont think so. a person has a limited number of passwords that s/he uses at a number of sites. this could be the same password for banking, as well as sites such as this.



at anyrate, i have changed my password immediately when accessing this site to a low level one that would not matter if someone hacked.



by the way, yr site is the ONLY site that a clear password is contained within the cookie. No other site that I have a cookie on my computer is a clear password. figure that.



thnx for yr help. you have been a great help.

ghost_user_name

I'm not saying that this isn't serious or that I'm not concerned here; it's just that I belive the matter is out of our hands. The cookies for this site are managed by the UBB software and UBB gives us no options over how they are stored and accessed.

123

[quote]Originally posted by niji:

<strong>its really hard to accept a system administrator thinking that this wouldnt be serious. anyway.



how many passwords do you have? do you think that people have a different password for each and every passworded site?? no. I dont think so. a person has a limited number of passwords that s/he uses at a number of sites. this could be the same password for banking, as well as sites such as this. </strong><hr></blockquote>



Personally, I think you're incredibly stupid if you use the same password for banking and sites like AppleInsider.



[ 02-05-2003: Message edited by: 123 ]</p>

roduk

[quote]Originally posted by 123:

<strong>



Personally, I think you're incredibly stupid if you use the same password for banking and sites like AppleInsider.



</strong><hr></blockquote>



Even more so if you actually tell people about it. Brad, what's his old password?

murbot

You are concerned about security, and you use only a couple of different passwords for all of your online activity. Interesting.

giaguara

Use more passwords than 1 or 2. And in places like this, use a low security one - So even if someone would see it, they won't have access to any other passwords you use anywhere in 'more serious' places. So don't make the low and high security passwords to look similar.

ast3r3x

...u guys bought Norton Anti Virus for X didn't you?



...u guys also have it promt for ur username and password when ur screensaver comes on don't you?

big mac

I myself make up a unique password for basically every site I go to. It's just a good practice to do so. Get an encrypted password manager and store them there for easy recall. (Or use the keychain if you're in a browser that supports it.) AFAIK, however, cookies are going to be unencrypted. Are there sites that do encrypt them?

mac_man

[quote]Originally posted by murbot:

<strong>You are concerned about security, and you use only a couple of different passwords for all of your online activity. Interesting.</strong><hr></blockquote>



LMAO <img src="graemlins/lol.gif" border="0" alt="[Laughing]" />