hbag

cruft posted:

Good lord, when you log in it just issues you a cookie with your username and password? I thought it was bad enough that we didn't have HTTPS until like 2 years ago.

Have you looked into using pandoc to convert from HTML into Markdown?

Looks like a fun project.

it stores a cookie with your hashed password, so it's not AS bad but... still.
and, yeah, that curl command pipes into html2text (cut off because emacs keeps single lines on one goddamn line like the omnissiah intended)

----------------
This thread brought to you by a tremendous dickhead!


hbag

...actually wait a loving second i use a password manager it might not be a hash let me check something


hbag

oh thank christ it is a hash


Ass-penny

You know where I can get some hash?

cruft

hbag posted:

oh thank christ it is a hash

Yeah, so, sending a hash of the password as the authorization token is Rookie Authentication Mistake #1, on account of you can replay the hash.

Like, all the hash is doing for you is turning this conversation:

quote:

:o: I would like web page 58, and the password is sexy123
:) Okay, great, here's the web page.
:o: Now I would like web page 59, and the password is sexy123
:) Here ya go.
:classiclol: I would also like a web page, number 43, and the password is sexy123. Please ignore the obvious disguise, I am the real user.
:) Okay, here it is.

into this conversation:

quote:

:o: I would like web page 58, and the password is sexy123
:) Right, could you come back again, except this time say the password is 28b10cac5a09b9e2d8dda57372bc9ba5
:o: Okay... I would like web page 58, and the password is 28b10cac5a09b9e2d8dda57372bc9ba5
:) Great, thanks, here's the web page.
:o: Now I would like web page 59, and the password is 28b10cac5a09b9e2d8dda57372bc9ba5
:) Here ya go.
:classiclol: I would also like a web page, number 43, and the password is 28b10cac5a09b9e2d8dda57372bc9ba5. I am actually the user in question.
:) Great to see you again, here it is.

You see how in either case, :classiclol: was able to grab the authentication token and use it to gain access as :o:. In the first case the token was the password. In the second case, the token was the hash of the password. They're both replayable.

Pretty much the only thing that passing around hashes does is if a person uses the same password on every site, then getting their authentication token doesn't reveal their password. This wound up not being something any attacker exploited, other than the "vengeful ex-spouse" attack scenario, which honestly wasn't going to be obtaining the password from unencrypted plaintext HTTP in the first place.
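
Added example (not part of cruft's post and not the forum's code): a small Python sketch of the replay point above, comparing a password-hash cookie with a random server-side session token when a captured value is presented again after the real user logs out. The class names, the sample account and the choice of SHA-256 are assumptions for illustration; a session token is still a bearer token and stays replayable until it expires or is revoked.

```python
import hashlib
import hmac
import secrets
import time

USERS = {"o_face": "sexy123"}  # constructed sample account; password taken from the dialogue above

def pw_hash(password):
    # Hash algorithm is an assumption; the thread does not say which one the site uses.
    return hashlib.sha256(password.encode()).hexdigest()

class HashCookieAuth:
    """Cookie value is a hash of the password: the same on every login, never expires."""
    def login(self, user, password):
        return pw_hash(password) if USERS.get(user) == password else None
    def logout(self, cookie):
        pass  # no server-side state, so there is nothing to invalidate
    def check(self, user, cookie):
        return user in USERS and hmac.compare_digest(pw_hash(USERS[user]), cookie or "")

class SessionAuth:
    """Cookie value is a random token mapped server-side to a user and an expiry."""
    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.sessions = {}  # token -> (user, expires_at)
    def login(self, user, password, now=None):
        if USERS.get(user) != password:
            return None
        token = secrets.token_urlsafe(32)
        start = time.time() if now is None else now
        self.sessions[token] = (user, start + self.ttl)
        return token
    def logout(self, token):
        self.sessions.pop(token, None)  # revocation: any captured copy dies too
    def check(self, user, token, now=None):
        owner, expires = self.sessions.get(token, (None, 0))
        current = time.time() if now is None else now
        return owner == user and current < expires

def replay_after_logout():
    """Present a captured cookie after the real user logs out; returns (hash_ok, session_ok)."""
    old, new = HashCookieAuth(), SessionAuth()
    captured_hash = old.login("o_face", "sexy123")
    captured_token = new.login("o_face", "sexy123")
    old.logout(captured_hash)
    new.logout(captured_token)
    return old.check("o_face", captured_hash), new.check("o_face", captured_token)

if __name__ == "__main__":
    print(replay_after_logout())
```

The hash cookie can only be invalidated by changing the password, while the session token can be revoked or left to expire; neither protects against capture over plaintext HTTP.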

Thunder Moose

S.J.C.
OP this is a good sign, maybe even: the best.

What is your world view on ants?

GODSPEED JOHN GLENN


I put my thumb up my bum and shut one eye, and my thumb blotted out the planet Earth.


nut posted:

can u add a button that says fart and makes a fart sound

Update on the fart button, please

Prof. Crocodile

GODSPEED JOHN GLENN posted:

Update on the fart button, please

If the fart button isn't possible, then what even was the point of all these industrial revolutions?

hbag

will begin work on the fart button once the main script is complete
ill probably have to develop that on my local hardware though because im pretty sure SDF doesnt have audio capabilities


cruft

hbag posted:

will begin work on the fart button once the main script is complete
ill probably have to develop that on my local hardware though because im pretty sure SDF doesnt have audio capabilities

If you're running PulseAudio locally, you can have it listen for TCP connections and then set up a reverse tunnel when you ssh out.

It all depends on how much effort you're willing to put into a text mode fart button.


cruft

Here, OP, I made a fart button so you can focus on your kiboze script.

https://jsfiddle.net/zg5bqptx/
