Passwords
Passwords
Just a general security issue... Perhaps we should mandate periodical password changes for all people with certain accesses. It could be made automated, done with the push of a button, giving each person truly random passwords, or just done manually by each person (which would unfortunately leave enforcement undoable).
I also plan to talk to Greg Dean about on a similar schedule doing a check of the forum files on the server, and uploading over them. It is possible, if someone got a high enough password, to modify a file on the server and siphon our precious passwords away. If we have Greg Dean replace all files periodically with assuredly "clean" ones, any security breaches would be corrected post haste.
I know some of these things may seem paranoid or overkill, but I wouldn't propose them if I didn't know they could be exploited.
I also plan to talk to Greg Dean about on a similar schedule doing a check of the forum files on the server, and uploading over them. It is possible, if someone got a high enough password, to modify a file on the server and siphon our precious passwords away. If we have Greg Dean replace all files periodically with assuredly "clean" ones, any security breaches would be corrected post haste.
I know some of these things may seem paranoid or overkill, but I wouldn't propose them if I didn't know they could be exploited.
Former Dinarch of Antica
Former Citizen of Shireroth
Former Scourge of Micras
Former Citizen of Shireroth
Former Scourge of Micras
- AngelGuardian93
- Posts: 2583
- Joined: Mon Aug 25, 2003 8:36 pm
- Location: Russell Castle, Mirioth
- Contact:
Ok, thanks to some deliberation with Greg Dean, I've evolved the plan. First off, replacing the particular file(s) I'm thinking of can be done automatically with cron jobs. Secondly, I can also have a PHP script run which would change the passwords randomly and send them to the people's emails on a schedule, if we went ahead with that sort of plan.
Former Dinarch of Antica
Former Citizen of Shireroth
Former Scourge of Micras
Former Citizen of Shireroth
Former Scourge of Micras
- Kaiseress Semisa I
- Posts: 546
- Joined: Mon Nov 21, 2005 4:56 pm
- Location: Shirekeep
- Contact:
-
- Posts: 1462
- Joined: Mon Sep 27, 2004 3:35 pm
- Location: My Airship
- Contact:
Believe me, if this is implemented, the passwords will look something like that. However, no matter how clever, if someone manages to get to a position in which our passwords are given to them basically, what good would a long-ass password do? None.
Former Dinarch of Antica
Former Citizen of Shireroth
Former Scourge of Micras
Former Citizen of Shireroth
Former Scourge of Micras
Permission to implement this plan for anyone with access here? I'd basically run a script at a given time every week or so (more or less depending on how we want it), and then it would assign everyone here new passwords and send them via email.
Former Dinarch of Antica
Former Citizen of Shireroth
Former Scourge of Micras
Former Citizen of Shireroth
Former Scourge of Micras
Who is online
Users browsing this forum: No registered users and 9 guests