 
PerlMonks  


As Anonymous Monk wrote, this is an uplevel decision. PerlMonks is a public site, and the only assets it keeps are the reputations of its members within, and to a certain degree to the outside world - and private scratchpads. Then, of course, the innards of the engine running this site.

Stolen credentials from this site generally aren't an entry point for higher-level mischief, as are e.g. credit card numbers and their checksum digits, except for cases where monks reuse their password on this site for logins elsewhere. So there is no need to encrypt the general traffic, but the login process should be diverted to https by default imho.

During all my time here at PerlMonks I have never been impersonated, not even after the famous hack which disclosed a fair number of logins and passwords.

The most important major security improvements necessary for this site are, in my eyes:

  • transition from plain text password storage to encrypted
  • overhaul of the procedure behind What's my password? which would send a new generated password in case of encrypted storage
  • a check box in User Settings labelled "allow HTTP login (insecure)" which would not be available to cabalists

These would comprise changes not only to nodes of the everything engine, but also to database tables. As always, the urgent doesn't leave time for the important...

perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'

In reply to Re: End of HTTP? by shmem
in thread End of HTTP? by oiskuu
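
An added illustration of the first two items in the list above, not PerlMonks or Everything Engine code and not part of the post. It assumes "encrypted" storage is done as salted PBKDF2-HMAC-SHA256 hashes, upgrades a plain-text row at the next successful login, and has the password-reminder path issue a newly generated password; the `%users` table, the `testmonk` account, the record format and all function names are constructed for the example.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

my $ITER  = 100_000;   # assumed work factor, not a PerlMonks setting
my %users = (testmonk => { passwd => 'correct horse' });   # constructed legacy row

sub random_bytes {     # CSPRNG bytes from the kernel (Unix-like hosts)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $_[0]) == $_[0] or die "short read";
    return $buf;
}
sub pbkdf2 {           # PBKDF2-HMAC-SHA256, one 32-byte output block
    my ($pw, $salt, $iter) = @_;
    my $t = my $u = hmac_sha256($salt . pack('N', 1), $pw);
    for (2 .. $iter) { $u = hmac_sha256($u, $pw); $t ^= $u }
    return $t;
}
sub make_record {      # "scheme$iterations$salt$hash", salt and hash in base64
    my ($pw, $salt) = ($_[0], random_bytes(16));
    return join '$', 'pbkdf2-sha256', $ITER,
        map { encode_base64($_, '') } $salt, pbkdf2($pw, $salt, $ITER);
}
sub ct_eq {            # byte-string compare with no early exit on mismatch
    my ($x, $y) = @_;
    return length($x) == length($y) && unpack('%32C*', $x ^ $y) == 0;
}
sub verify_login {
    my ($name, $pw) = @_;
    my $row = $users{$name} or return 0;
    if (defined $row->{passwd}) {               # legacy plain-text row
        return 0 unless ct_eq($row->{passwd}, $pw);
        %$row = (pwhash => make_record($pw));   # upgrade on login, drop plain text
        return 1;
    }
    my (undef, $iter, $salt, $hash) = split /\$/, $row->{pwhash};
    return ct_eq(decode_base64($hash), pbkdf2($pw, decode_base64($salt), $iter));
}
sub reset_password {   # the stored value can no longer be mailed back
    my $row = $users{ $_[0] } or return;
    my $new = encode_base64(random_bytes(12), '');
    %$row = (pwhash => make_record($new));
    return $new;       # sent once to the address on file, never stored
}

printf "%s\n", verify_login('testmonk', 'correct horse') && !exists $users{testmonk}{passwd} ? 'row migrated' : 'not migrated';
my $new = reset_password('testmonk');
printf "%s\n", verify_login('testmonk', $new) && !verify_login('testmonk', 'correct horse') ? 'reset ok' : 'reset failed';
```

Rows that never log in again stay in plain text under this scheme, so a real migration would also need a cut-off after which remaining legacy rows are forced through the reset path.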

As of 2024-04-26 03:00 GMT