miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
The Other miniBB Support Forums / The Other /   

admin password security

Author webseeker
#1 | Posted: 22 Apr 2002 20:00 
First I want to say how much I love this little board. But (there's always a but) I was wondering, the user passwords are crypted but why is the admin pass left in clear text in the options file instead of crypted and placed in the DB? Leaving the admin pass in clear text can't be good.

Maybe I'm missing something. I've changed my pass in preferences (at least I go through the motions) but the auth for admin doesn't use the new pass, it still looks at the pass in the options file.

Tell me if I'm missing something that's right in front of my face. If not, is there plans to rectify this in later releases? So far this is the only negative I can see with this BB.


Author Team
#2 | Posted: 23 Apr 2002 10:20 
it still looks at the pass in the options file
Yes, that's true. Manual describes it.

As for admin password, you are right, the only place where it is opened is options file. So, is it secure? We apologise, yes. In options file, there are also more important password saved, for example, password and login to sql database. This is php file, so if you simply run it in browser, it will display NOTHING. And, we think, it is more secure that keeping encrypted passwords in database. Because NOBODY except owner of forums can change it and view it, and you can do it ONLY via FTP, not directly from browser. So, it is secure, don't worry :)

Beginning from the version 2.0, it's also possible to store admin's password directly encoded as MD5 hash.

The Other miniBB Support Forums / The Other / admin password security Top

Your Reply Click this icon to move up to the quoted message

 Short link for this topic:

Only registered users are allowed to post here. Please, enter your username/password details upon posting a message, or register first.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB