Quoting: KelsSamsai still being an International Man of Mystery this week? Or is this something the two of you cooked up?

He's currently doing *removed* to prepare for *removed* so that I can *removed*

View this comment - View article - View full comments

Quoting: KimyrielleIt's funny how they needed longer to "assess the feasibility" of the port than making the actual port.

Again, people don't seem to understand what feasibility means. I did explain it before, but to explain again.

Checking the feasibility of a port doesn't mean it isn't being worked on, it means they may have hit unexpected problems they were trying to overcome. I don't know any specifics, but it's clear it was being worked on for some time to be able to arrive so soon.

View this comment - View article - View full comments

Quoting: Eric1212Thanks to Eike, i was wondering if i was the only one to thanks the guy on IRC for his help. I know liamdawe that it's sure been a really unfunny moment considering you was planning somes time with your familly and this user didn't act as he supposed to do. But he still helped us. Also, the affected part of the website seems to contains dumb data(Last viewed url, time viewing current page, etc.), i'm not even sure it's was worth quitting your familly for that...

The problem I had, was messages deemed as urgent from multiple people telling me about security issues and demanding I get to the computer. This caused quite a panic, but it wasn't a big issue in the end.

I am thankful and I've chatted to the guy who highlighted and thanked them personally.

View this comment - View article - View full comments

I've been sent a review key, views will be up ASAP.

View this comment - View article - View full comments

Quoting: erlaanI have a Question do you mean Hash or do you realy store our password with a encryption? "We do use strong encryption on passwords and salts"

We use PHP's "password_hash" function with the PASSWORD_BCRYPT option.

View this comment - View article - View full comments

Quoting: Guest

Quoting: EikeWhile disclosing security concerns publicly without having communicated privatly before is obviously not the optimal thing to do, it's still probable that the guy on IRC made the website more safe, not more unsafe.

I’ll go light a fire in your wood house so then you’ll thank me for having shown you that is was not safe, eh?

It's more like giving a lit match to someone next to petrol :P

View this comment - View article - View full comments

Yeah sorry, minor update you must have loaded in-between.

View this comment - View article - View full comments

Quoting: GuestWhile we're on the topic of security.. our login names should ideally be different from our public usernames. More and more sites are making you sign in with your privately stored email address rather than your publicly visible username. If the username is known, half of the login credentials have already been obtained. It's best to give an attacker no information to go on.

That's an interesting point you have there. We have half of this done, as we moved to allow email logins some time ago. At some point it might be a good idea then to remove username based logins.

View this comment - View article - View full comments

Further to the above, I have spoken to our web-host and they have changed our PHP configuration to improve security for the session cookie.

We are now also now regenerating the session every so often to mitigate future annoyances.

I have also now properly spoken to the person who highlighted it.

Edit: Random extra word.

View this comment - View article - View full comments

Quoting: M@yeulCWell, was the session authentication information available, or was this one hashed as well? If the former, wouldn't login everyone out be a good security measure? That said, I was logged out on my desktop, so you might have done it already.

I actually removed all sessions and implemented a new bit of code to help with that, so that should have been done anyway to be sure.

View this comment - View article - View full comments