mersenneforum.org  

Go Back   mersenneforum.org > New To GIMPS? Start Here! > Information & Answers

Reply
 
Thread Tools
Old 2013-02-07, 21:38   #1
Unregistered
 

68710 Posts
Exclamation security of the webpage?

i just noticed that the login data (username and password) are transmitted by GET-method (= you can see everything in the url) which is very careless, because i do think that only a few people use more than one password for all their stuff. please fix that as soon as possible!
  Reply With Quote
Old 2013-02-07, 23:49   #2
Dubslow
Basketry That Evening!
 
Dubslow's Avatar
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

1C3516 Posts
Default

A lot of us here have complained about it from time to time, but not much has been done. PrimeNet is very fragile as it is. I just changed my password as soon as I figured it out (though of course many people may not realize exactly how vulnerable their password is, which is of course why you posted).
Dubslow is offline   Reply With Quote
Old 2013-02-08, 03:21   #3
LaurV
Romulan Interpreter
 
LaurV's Avatar
 
Jun 2011
Thailand

2×11×397 Posts
Default

You can't do too much with my password, you don't need it to reserve the work or report results. Where you really need it, is to report manual results on the web page (you need to be logged in first), so, be my guest to hack my password and report few thousand GHzDays of LL testing on my name... I will give you a beer when we meet.
LaurV is offline   Reply With Quote
Old 2013-02-08, 03:46   #4
schickel
 
schickel's Avatar
 
"Frank <^>"
Dec 2004
CDP Janesville

2·1,061 Posts
Default

Quote:
Originally Posted by LaurV View Post
You can't do too much with my password, you don't need it to reserve the work or report results. Where you really need it, is to report manual results on the web page (you need to be logged in first), so, be my guest to hack my password and report few thousand GHzDays of LL testing on my name... I will give you a beer when we meet.
I think the OP is probably more worried about other sites (people that use their Primenet password for other sites....)
schickel is offline   Reply With Quote
Old 2013-02-08, 04:42   #5
LaurV
Romulan Interpreter
 
LaurV's Avatar
 
Jun 2011
Thailand

2·11·397 Posts
Default

Quote:
Originally Posted by schickel View Post
I think the OP is probably more worried about other sites (people that use their Primenet password for other sites....)
I know exactly what you mean. Remember? I was one of the "concerned people", it is still on the forum somewhere. In the beginnings I was very worried that my password appears in clear in the link, and my IT can see it, or my inet provider.

Till I realized they can't really use it for anything... of course if I don't use the same password for the bank account... but even so....

... there is an old Romanian joke about a guy hearing noises in the house in the night, in the dark, he wakes up and cry "Who is there!" then a voice said "Thieves, shut up and don't move or we kill you!" "What do you want?" asked the man, "Money!" replied the thieves, "Well, then I can go back to sleep" says the man, "I am looking for money in sunlight and I can't find them, and do you wanna find them in the dark ??!?!?..."

I assume I can use the same password for my bank account too...

Last fiddled with by LaurV on 2013-02-08 at 04:47
LaurV is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
The webpage cannot be found for win7 64 benDan Software 4 2012-12-17 05:59
Webpage on Newton-Raphson ewmayer Other Mathematical Topics 36 2012-09-11 13:32
Gimps Results to webpage? Unregistered Information & Answers 2 2009-10-27 18:15
Key fob security. Xyzzy Science & Technology 13 2007-03-09 02:39
GIMPS webpage eratos Lounge 26 2004-01-06 20:57

All times are UTC. The time now is 21:16.

Fri Sep 18 21:16:33 UTC 2020 up 8 days, 18:27, 1 user, load averages: 1.46, 1.63, 1.71

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.