Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Meta
Re: Major Flaw in Security
by
FunnyHat43
on 23/10/2014, 03:40:35 UTC
Quote from: Dare on October 23, 2014, 03:32:18 AM
Quote from: marcotheminer on October 22, 2014, 09:15:04 PM
Quote from: mprep on October 22, 2014, 08:58:10 PM
It was noted many times before in several threads and people have mentioned that it should be included in the new forum software. It didn't have it's dedicated thread then (well, now it does Grin). I do agree; a lot of hacks happen due to said flaw as hackers once gained access to the account can simply change the email and password.

Security aspects should be implemented immediately in this forum version. I feel waiting another year just for these much needed security upgrades would be too long.

Layout, avatars and performance can come at a later date. Security needs to come tomorrow.

Agreed; security is important, particularly so on a forum dedicated to cryptography. Though it's possible to recover accounts after their email has been changed, the process is cumbersome and time-consuming. I'm certain a plugin for email verification already exists for SMF, but it wouldn't be particularly hard to create one independently if necessary (generate a password reset key and store it in a database, send an email, invalidate unused keys after ~24 hours).
This would rely very heavily on automation which has it's own vulnerabilities.