Bitcoin Forum

Other => Meta => Topic started by: bitcoin.monger on June 20, 2011, 04:43:24 AM



Title: How secure is the forum?
Post by: bitcoin.monger on June 20, 2011, 04:43:24 AM
Since today was not a good day for the Bitcoin community in general and MtGox in particular, I would like to ask a few questions about the security of this forum:

1. How are the passwords stored? What hashing algorithm is used?
2. Who has access to the database?
3. Is the forum vulnerable to attacks? Has it been tested for security holes?
4. Is there anything the user community can do to help?

Please feel free to add or answer any items. Thank you in advance!


Title: Re: How secure is the forum?
Post by: theymos on June 20, 2011, 05:26:33 AM
Quote
How are the passwords stored? What hashing algorithm is used?

It seems to be SHA-1 salted with the username, though I'm not totally sure.

Quote
Who has access to the database?

Gavin, Sirius, and me. Slicehost (and maybe Rackspace) also has access, since they host the server.

Quote
Is the forum vulnerable to attacks? Has it been tested for security holes?

It uses SMF plus some mods and a small handful of custom changes. Hopefully SMF is well-tested and able to contain poorly-programmed mods.

I did a cursory examination of all mods before installing them, but I certainly don't understand SMF enough to judge their security well.

Quote
Is there anything the user community can do to help?

Tell me privately if there are any security problems. I will fix them ASAP.
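
Added example, not part of theymos's post and not SMF's own code: a Python sketch of the scheme the post describes (SHA-1 over username plus password; the lowercasing and concatenation order are assumptions) beside a randomly salted PBKDF2 record. It shows that a username salt gives the same hash wherever the same credentials are reused and costs almost nothing per guess; the sample account and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

def username_salted_sha1(username, password):
    """Scheme as described in the post; lowercasing and order are assumptions."""
    return hashlib.sha1((username.lower() + password).encode("utf-8")).hexdigest()

def pbkdf2_record(password, iterations=200_000):
    """Hardened alternative: random per-record salt plus a tunable work factor."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def seconds_per_hash(fn, rounds):
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def compare():
    # Constructed sample account, not taken from the forum.
    user, pw = "alice", "correct horse battery staple"
    site_a = username_salted_sha1(user, pw)
    site_b = username_salted_sha1(user, pw)  # a second site using the same scheme
    rec_a, rec_b = pbkdf2_record(pw), pbkdf2_record(pw)
    fast = seconds_per_hash(lambda: username_salted_sha1(user, pw), 2000)
    slow = seconds_per_hash(lambda: pbkdf2_record(pw), 3)
    return {
        "sha1_same_across_sites": site_a == site_b,
        "pbkdf2_same_across_sites": rec_a["digest"] == rec_b["digest"],
        "pbkdf2_verifies": pbkdf2_verify(pw, rec_a) and not pbkdf2_verify("wrong", rec_a),
        "cost_ratio": slow / fast,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```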


Title: Re: How secure is the forum?
Post by: Bit_Happy on June 20, 2011, 05:40:13 AM
How secure is the forum?

The default login does not use SSL; you need to manually change to https. How often do you remember to?


Title: Re: How secure is the forum?
Post by: gigabytecoin on June 20, 2011, 10:19:36 AM
Quote
How secure is the forum?

The default login does not use SSL; you need to manually change to https. How often do you remember to?

Hrmmm why is this?