a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment
DanQ  ·  4350 days ago  ·  link  ·    ·  parent  ·  post: Hubski with ssl?

It's an idea well-worth-having. At the very least, for logins it should be mandatory (because otherwise people's passwords are passed around unencrypted, and despite all warnings to the contrary, many people continue to use the same password for multiple sites).

Ideally it should be possible to use SSL the whole time, to prevent cookie theft. Cookie theft is not as dangerous as password theft, because it only allows the attacker to steal the victim's Hubski account and not all of the accounts where they use the same password and a similar username, but it's still pretty bad.

While we're talking about security: you really ought to require that people re-enter their existing password when changing their password. Otherwise an attacker who does the aforementioned cookie theft attack could change the victim's password, thereby locking them out of their own account. In fact, an attacker could change the password of anybody who made the mistake of leaving their computer logged in when the attacker is nearby! That's the major reason that most services require that you re-enter your password in order to change it.

Finally: I assume that you're hashing the password on the database side, and not just storing them plaintext. If not, that really needs fixing, unless you want to be involved in the kinds of attack that got LinkedIn, Sony, eHarmony etc. over the last 18 months.

You're doing great work, mk: please don't think I'm nickpicking! Security's important, and it's worth getting right. Shout me if you need any clarification on any of my points.