Remember me?

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Remember me?

#1 Post by Ahtiga Saraz »

When you log in, you see a checkbox marked "remember me?", which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".

So what does checking this box do?
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Bro.Tiag
Posts: 1924
Joined: 2007-06-02 19:14

Re: Remember me?

#2 Post by Bro.Tiag »

Ahtiga Saraz wrote: When you log in, you see a checkbox marked "remember me?", which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".

So what does checking this box do?
It remembers your IP address and logs you in with your password each time you visit.

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Clarify, please!

#3 Post by Ahtiga Saraz »

Do you mean that it notes my current IP, 123.45.78.9, and subsequently logs in anyone visiting from that IP using my stored password (hash?), as me?

What if I am a dial-up user randomly assigned a new dynamic IP each time I surf? What if 123.45.78.9 is a Tor exit server?

Sounds like a recipe for accidental impersonation.

And just to check: I presume the password I gave upon registration is suitably hashed before being stored in the forum server? Salted and iterated md5? Or...? Before you ask, I am careful not to use the same password at different forums.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Telemachus
Posts: 4574
Joined: 2006-12-25 15:53
Been thanked: 2 times

Re: Remember me?

#4 Post by Telemachus »

I think Bro. Tiag was pulling your leg. You said, "I hope it doesn't X." He said, "It does X." See. Funny.

It does not track your IP. It stores a cookie in your browser that it can later check. Many users find this convenient since it means fewer new logins. If you don't check it, it does nothing. If you want to see some code showing how to create and set such a cookie (it's not inherently nefarious at all), take a look here: Ruby on Rails tutorial.

By the way, salting and iterating md5s is utterly worthless. See these two articles for why:
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
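
Added example (not part of the original thread and not this forum software's code): a sketch of the cookie-based "remember me" check described in post #4, which never consults the client's IP address. The class name `RememberStore`, the cookie name `remember`, the 14-day lifetime and the in-memory hash standing in for the user table are all assumptions; when the browser discards its cookies on exit, the next request carries no cookie and the lookup returns nil, so a normal password login is required.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the server-side user table.
class RememberStore
  COOKIE_LIFETIME = 14 * 24 * 3600 # seconds; assumed value

  def initialize
    @records = {} # user_id => { digest:, expires_at: }
  end

  # Login with the box ticked: returns the Set-Cookie header value.
  def remember(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32) # random secret, only the browser keeps it
    @records[user_id] = { digest: Digest::SHA256.hexdigest(token), expires_at: now + COOKIE_LIFETIME }
    "remember=#{user_id}:#{token}; Max-Age=#{COOKIE_LIFETIME}; Path=/; Secure; HttpOnly; SameSite=Lax"
  end

  # Later visit: takes the Cookie request header (nil if the browser sent none).
  def user_from_cookie(cookie_header, now: Time.now)
    return nil if cookie_header.nil?
    pair = cookie_header.split(/;\s*/).find { |c| c.start_with?("remember=") }
    return nil unless pair
    user_id, token = pair.delete_prefix("remember=").split(":", 2)
    record = @records[user_id]
    return nil if record.nil? || token.nil? || now > record[:expires_at]
    secure_equal?(record[:digest], Digest::SHA256.hexdigest(token)) ? user_id : nil
  end

  # Logout: the stored digest is dropped, so an old cookie stops working.
  def forget(user_id)
    @records.delete(user_id)
  end

  private

  # Constant-time comparison of two equal-length strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  store = RememberStore.new
  cookie = store.remember("alice").split(";").first # what the browser sends back
  p store.user_from_cookie(cookie) # browser kept the cookie
  p store.user_from_cookie(nil)    # browser cleared cookies on exit
end
```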

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Re: Remember me?

#5 Post by Ahtiga Saraz »

Telemachus, thanks, but I still don't know enough. I autoclear all cookies after I close Iceweasel--- what are the implications?

Thanks for the very useful advice and the links. Very important. But I am so confused now!
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

llivv
Posts: 5340
Joined: 2007-02-14 18:10
Location: cold storage

Re: Remember me?

#6 Post by llivv »

no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.

AMLJ
Posts: 973
Joined: 2009-03-18 07:40
Location: Mierlo, Netherlands

Re: Remember me?

#7 Post by AMLJ »

llivv wrote:no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?
Don't bother. :D
$$$$$$$$$$$$$$$$
AMLJ**0-1-47

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Still seeking answers

#8 Post by Ahtiga Saraz »

Telemachus?
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
