Bitcoin Forum
December 09, 2016, 02:14:04 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How secure is the forum?  (Read 726 times)
bitcoin.monger
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 04:43:24 AM
 #1

Since today was not a good day for the Bitcoin community in general and MtGox in particular, I would like to ask a few questions about the security of this forum:

1. How are the passwords stored? What hashing algorithm is used?
2. Who has access to the database?
3. Is the forum vulnerable to attacks? Has it been tested for security holes?
4. Is there anything the users community can do to help?

Please feel free to add or answer any items. Thank you in advance!
1481249644
Hero Member
*
Offline Offline

Posts: 1481249644

View Profile Personal Message (Offline)

Ignore
1481249644
Reply with quote  #2

1481249644
Report to moderator
1481249644
Hero Member
*
Offline Offline

Posts: 1481249644

View Profile Personal Message (Offline)

Ignore
1481249644
Reply with quote  #2

1481249644
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481249644
Hero Member
*
Offline Offline

Posts: 1481249644

View Profile Personal Message (Offline)

Ignore
1481249644
Reply with quote  #2

1481249644
Report to moderator
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
June 20, 2011, 05:26:33 AM
 #2

How are the passwords stored? What hashing algorithm is used?

It seems to be SHA-1 salted with the username, though I'm not totally sure.

Quote
Who has access to the database?

Gavin, Sirius, and me. Slicehost (and maybe Rackspace) also has access, since they host the server

Quote
Is the forum vulnerable to attacks? Has it been tested for security holes?

It uses SMF plus some mods and a small handful of custom changes. Hopefully SMF is well-tested and able to contain poorly-programmed mods

I did a cursory examination of all mods before installing them, but I certainly don't understand SMF enough to judge their security well.

Quote
Is there anything the users community can do to help?

Tell me privately if there are any security problems. I will fix them ASAP.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 20, 2011, 05:40:13 AM
 #3

How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
June 20, 2011, 10:19:36 AM
 #4

How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?

Hrmmm why is this?
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!