Remember me?


Postby Ahtiga Saraz » 2011-03-05 23:15

When you log in, you see a checkbox marked "remember me?", which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".

So what does checking this box do?
Ahtiga Saraz

The people, standing against the tyrants! Audacity, more audacity, always audacity!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Remember me?

Postby Bro.Tiag » 2011-03-06 00:16

Ahtiga Saraz wrote: When you log in, you see a checkbox marked "remember me?", which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".

So what does checking this box do?

It remembers your IP address and logs you in with your password each time you visit.
Bro.Tiag
 
Posts: 1937
Joined: 2007-06-02 19:14

Clarify, please!

Postby Ahtiga Saraz » 2011-03-06 00:39

Do you mean that it notes my current IP, 123.45.78.9, and subsequently logs in anyone visiting from that IP using my stored password (hash?), as me?

What if I am a dial-up user randomly assigned a new dynamic IP each time I surf? What if 123.45.78.9 is a Tor exit server?

Sounds like a recipe for accidental impersonation.

And just to check: I presume the password I gave upon registration is suitably hashed before being stored in the forum server? Salted and iterated md5? Or...? Before you ask, I am careful not to use the same password at different forums.
Ahtiga Saraz

The people, standing against the tyrants! Audacity, more audacity, always audacity!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Remember me?

Postby Telemachus » 2011-03-06 03:09

I think Bro. Tiag was pulling your leg. You said, "I hope it doesn't X." He said, "It does X." See. Funny.

It does not track your IP. It stores a cookie in your browser that it can later check. Many users find this convenient since it means fewer new logins. If you don't check it, it does nothing. If you want to see some code showing how to create and set such a cookie (it's not inherently nefarious at all), take a look here: Ruby on Rails tutorial.

By the way, salting and iterating md5s is utterly worthless. See these two articles for why:

"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
Telemachus
 
Posts: 4677
Joined: 2006-12-25 15:53
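A sketch of the cookie mechanism described in the post above, as an added example: it is not the forum software's code and not taken from the linked tutorial. The class name `RememberStore`, the 30-day lifetime and the `user:token` cookie layout are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for a server-side table of remember-me
# tokens: user name => { digest:, expires_at: }.
class RememberStore
  LIFETIME = 30 * 24 * 3600 # seconds; constructed value

  def initialize
    @rows = {}
  end

  # Called after a successful password login with the box checked.
  # Only a hash of the random token is stored; the cookie value is returned.
  def issue(user, now = Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @rows[user] = { digest: Digest::SHA256.hexdigest(token),
                    expires_at: now + LIFETIME }
    "#{user}:#{token}"
  end

  # Called on a later visit. Returns the user name, or nil when the visitor
  # has to log in with a password again. The client IP is never consulted.
  def check(cookie, now = Time.now)
    return nil if cookie.nil? || cookie.empty? # cookie cleared or never set
    user, token = cookie.split(':', 2)
    row = @rows[user]
    return nil if row.nil? || token.nil? || now > row[:expires_at]
    secure_equal?(Digest::SHA256.hexdigest(token), row[:digest]) ? user : nil
  end

  # Logging out removes the server-side record, so an old cookie stops working.
  def revoke(user)
    @rows.delete(user)
  end

  private

  # Comparison whose running time does not depend on where the strings differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

A browser that clears its cookies on exit presents no cookie on the next visit, so `check` returns nil and the password prompt appears, the same as if the box had been left unchecked.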

Re: Remember me?

Postby Ahtiga Saraz » 2011-03-06 21:14

Telemachus, thanks, but I still don't know enough. I autoclear all cookies after I close Iceweasel--- what are the implications?

Thanks for the very useful advice and the links. Very important. But I am so confused now!
Ahtiga Saraz

The people, standing against the tyrants! Audacity, more audacity, always audacity!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Remember me?

Postby llivv » 2011-03-07 12:24

no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.
llivv
 
Posts: 5484
Joined: 2007-02-14 18:10
Location: cold storage

Re: Remember me?

Postby AMLJ » 2011-03-07 15:26

llivv wrote: no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?

Don't bother. :D
$$$$$$$$$$$$$$$$
AMLJ**0-1-47
AMLJ
 
Posts: 973
Joined: 2009-03-18 07:40
Location: Mierlo, Netherlands

Still seeking answers

Postby Ahtiga Saraz » 2011-03-08 17:47

Telemachus?
Ahtiga Saraz

The people, standing against the tyrants! Audacity, more audacity, always audacity!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

