When you log in, you see a checkbox marked "remember me?" which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".
So what does checking this box do?
Remember me?
- Posts: 1014
- Joined: 2009-06-15 01:19
Ahtiga Saraz
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Re: Remember me?
Ahtiga Saraz wrote:
When you log in, you see a checkbox marked "remember me?" which is checked by default. I always uncheck it because I don't know what it does. In particular, it would be very bad if it means "remember my IP address and log me in passwordless each time I visit".
So what does checking this box do?

It remembers your IP address and logs you in with your password each time you visit.
- Posts: 1014
- Joined: 2009-06-15 01:19
Clarify, please!
Do you mean that it notes my current IP, 123.45.78.9, and subsequently logs in anyone visiting from that IP using my stored password (hash?), as me?
What if I am a dial-up user randomly assigned a new dynamic IP each time I surf? What if 123.45.78.9 is a Tor exit server?
Sounds like a recipe for accidental impersonation.
And just to check: I presume the password I gave upon registration is suitably hashed before being stored in the forum server? Salted and iterated md5? Or...? Before you ask, I am careful not to use the same password at different forums.
Ahtiga Saraz
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
- Telemachus
- Posts: 4574
- Joined: 2006-12-25 15:53
- Been thanked: 2 times
Re: Remember me?
I think Bro. Tiag was pulling your leg. You said, "I hope it doesn't X." He said, "It does X." See. Funny.
It does not track your IP. It stores a cookie in your browser that it can later check. Many users find this convenient since it means fewer new logins. If you don't check it, it does nothing. If you want to see some code showing how to create and set such a cookie (it's not inherently nefarious at all), take a look here: Ruby on Rails tutorial.
By the way, salting and iterating md5s is utterly worthless. See these two articles for why:
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
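An added example, not part of the thread and not the forum software's or the linked tutorial's code, of the cookie mechanism described in the post above: a random token goes into the browser cookie, only its digest is kept server-side, and the client IP is never consulted. The class and method names (`RememberStore`, `remember`, `authenticate`, `forget`) and the in-memory table are hypothetical.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the forum's user table (constructed data).
class RememberStore
  def initialize
    @digests = {} # user_id => SHA-256 hex digest of the current remember token
  end

  # Called at login when "remember me" is ticked.
  # Returns the value the server would place in the browser cookie.
  # Only a digest of the random token is stored server-side.
  def remember(user_id)
    token = SecureRandom.urlsafe_base64(32) # 256 bits of randomness
    @digests[user_id] = Digest::SHA256.hexdigest(token)
    "#{user_id}:#{token}"
  end

  # Called on a later visit with whatever cookie the browser sent.
  # Returns the user id on a match, nil otherwise. No IP address is involved:
  # a browser without the cookie (never set, or cleared) is simply anonymous.
  def authenticate(cookie)
    return nil if cookie.nil? || cookie.empty?
    user_id, token = cookie.split(":", 2)
    stored = @digests[user_id]
    return nil if stored.nil? || token.nil?
    secure_equal?(stored, Digest::SHA256.hexdigest(token)) ? user_id : nil
  end

  # Explicit logout: drop the digest so a copied or stale cookie stops working.
  def forget(user_id)
    @digests.delete(user_id)
  end

  private

  # Constant-time comparison of two hex strings, to avoid a timing side channel.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

In a real deployment the cookie would also be sent with the `Secure` and `HttpOnly` attributes so it travels only over HTTPS and is not readable from page scripts.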
- Posts: 1014
- Joined: 2009-06-15 01:19
Re: Remember me?
Telemachus, thanks, but I still don't know enough. I autoclear all cookies after I close Iceweasel--- what are the implications?
Thanks for the very useful advice and the links. Very important. But I am so confused now!
Ahtiga Saraz
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Re: Remember me?
no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.
Re: Remember me?
llivv wrote:
no one can explain security to you completely..
confusion about security is normal because it is big business.
$$
should I put a few more money signs in this post?

Don't bother.
$$$$$$$$$$$$$$$$
AMLJ**0-1-47
- Posts: 1014
- Joined: 2009-06-15 01:19
Still seeking answers
Telemachus?
Ahtiga Saraz
Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!