|
cruft posted:
Good lord, when you log in it just issues you a cookie with your username and password? I thought it was bad enough that we didn't have HTTPS until like 2 years ago.

it stores a cookie with your hashed password, so it's not AS bad but... still.

and, yeah, that curl command pipes into html2text (cut off because emacs keeps single lines on one goddamn line like the omnissiah intended)
---------------- |
# ? Feb 18, 2021 23:40 |
|
|
...actually wait a loving second i use a password manager it might not be a hash let me check something
---------------- |
# ? Feb 18, 2021 23:44 |
|
oh thank christ it is a hash
---------------- |
# ? Feb 18, 2021 23:45 |
|
You know where I can get some hash? |
# ? Feb 19, 2021 00:23 |
|
hbag posted:
oh thank christ it is a hash

Yeah, so, sending a hash of the password as the authorization token is Rookie Authentication Mistake #1, on account of you can replay the hash. Like, all the hash is doing for you is turning this conversation:

quote:
I would like web page 58, and the password is sexy123

into this conversation:

quote:
I would like web page 58, and the password is sexy123

You see how in either case, was able to grab the authentication token and use it to gain access as . In the first case the token was the password. In the second case, the token was the hash of the password. They're both replayable.

Pretty much the only thing that passing around hashes does is if a person uses the same password on every site, then getting their authentication token doesn't reveal their password. This wound up not being something any attacker exploited, other than the "vengeful ex-spouse" attack scenario, which honestly wasn't going to be obtaining the password from unencrypted plaintext HTTP in the first place. |
# ? Feb 19, 2021 03:17 |
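
The replay property described in the post above, next to a server-side session token, as an added example that is not part of the original thread or the forum's actual code. The account name `alice`, the SHA-256 hash, the cookie field names and the `SessionStore` class are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed sample account. Unsalted SHA-256 stands in for whatever hash the
# site really uses (an assumption); real storage should use a slow, salted KDF.
USERS = {"alice": hashlib.sha256(b"sexy123").hexdigest()}

def check_hash_cookie(cookie):
    """Weak scheme: the cookie carries the stored password hash itself."""
    stored = USERS.get(cookie.get("user"))
    return stored is not None and hmac.compare_digest(stored, cookie.get("pwhash", ""))

class SessionStore:
    """Hardened scheme: random token, kept server-side, with expiry and revocation."""
    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.sessions = {}  # token -> (user, expires_at)

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(USERS.get(user, ""), digest):
            return None
        token = secrets.token_urlsafe(32)  # unrelated to the password
        self.sessions[token] = (user, now + self.ttl)
        return token

    def check(self, token, now=None):
        now = time.time() if now is None else now
        user, expires = self.sessions.get(token, (None, 0))
        return user if user and now < expires else None

    def logout(self, token):
        self.sessions.pop(token, None)

def demo():
    # The cookie alone authenticates: the server never asks for the password,
    # so the hash is a password equivalent until the password is changed.
    captured = {"user": "alice", "pwhash": USERS["alice"]}
    weak_replay = check_hash_cookie(captured)
    store = SessionStore(ttl=3600)
    token = store.login("alice", "sexy123", now=0)
    live = store.check(token, now=10)        # accepted while the session is live
    expired = store.check(token, now=3601)   # same token after the TTL
    store.logout(token)
    revoked = store.check(token, now=20)     # same token after logout
    return weak_replay, live, expired, revoked

if __name__ == "__main__":
    print(demo())
```

A live session token is still replayable if it crosses the wire in plaintext, so it belongs in a cookie marked `Secure` and `HttpOnly` and sent only over HTTPS; the difference is that it expires, can be revoked, and is not derived from the password.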
|
OP this is a good sign, maybe even: the best. What is your world view on ants? |
# ? Feb 19, 2021 05:37 |
|
nut posted:
can u add a button that says fart and makes a fart sound

Update on the fart button, please |
# ? Feb 19, 2021 10:34 |
|
GODSPEED JOHN GLENN posted:
Update on the fart button, please

If the fart button isn't possible, then what even was the point of all these industrial revolutions? |
# ? Feb 19, 2021 14:50 |
|
will begin work on the fart button once the main script is complete

ill probably have to develop that on my local hardware though because im pretty sure SDF doesnt have audio capabilities
---------------- |
# ? Feb 19, 2021 22:27 |
|
hbag posted:
will begin work on the fart button once the main script is complete

If you're running PulseAudio locally, you can have it listen for TCP connections and then set up a reverse tunnel when you ssh out. It all depends on how much effort you're willing to put into a text mode fart button. |
# ? Feb 19, 2021 22:39 |
|
|
Here, OP, I made a fart button so you can focus on your kiboze script. https://jsfiddle.net/zg5bqptx/ |
# ? Feb 19, 2021 22:39 |