Passwords

Posted: Tue Jan 24, 2006 12:42 am
by Delphi
Just a general security issue... Perhaps we should mandate periodical password changes for all people with certain accesses. It could be made automated, done with the push of a button, giving each person truly random passwords, or just done manually by each person (which would unfortunately leave enforcement undoable).

I also plan to talk to Greg Dean about doing, on a similar schedule, a check of the forum files on the server, and uploading over them. It is possible, if someone got a high enough password, to modify a file on the server and siphon our precious passwords away. If we have Greg Dean replace all files periodically with assuredly "clean" ones, any security breaches would be corrected post haste.

I know some of these things may seem paranoid or overkill, but I wouldn't propose them if I didn't know they could be exploited.

Posted: Tue Jan 24, 2006 9:01 am
by AngelGuardian93
I agree with Delphi. Codes can be cracked, after all...

Posted: Wed Jan 25, 2006 2:03 am
by Delphi
Ok, thanks to some deliberation with Greg Dean, I've evolved the plan. First off, replacing the particular file(s) I'm thinking of can be done automatically with cron jobs. Secondly, I can also have a PHP script run which would change the passwords randomly and send them to the people's emails on a schedule, if we went ahead with that sort of plan.
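
The cron-driven file replacement described in the post above, sketched as an added example that is not part of the original thread or anyone's actual script: it logs what differs from the trusted copy before restoring, so a tampered file is noticed rather than silently overwritten. The function name `audit_and_restore` and all paths are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical cron entry (paths are placeholders):
#   0 6 * * * /usr/local/bin/forum-restore.sh /var/www/forum /srv/forum-clean

# audit_and_restore LIVE_DIR CLEAN_DIR
# Prints one finding per line: "MODIFIED path", "MISSING path", "EXTRA path".
# Modified and missing files are restored from CLEAN_DIR. Extra files are only
# reported: copying clean files over the tree never removes a file that was added.
audit_and_restore() {
    live=$1
    clean=$2
    [ -d "$live" ] && [ -d "$clean" ] || { echo "ERROR bad directory" >&2; return 2; }

    # Pass 1: every baseline file must exist, byte for byte, in the live tree.
    (cd "$clean" && find . -type f) | while IFS= read -r rel; do
        if [ ! -f "$live/$rel" ]; then
            echo "MISSING $rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            echo "MODIFIED $rel"
        else
            continue
        fi
        mkdir -p "$(dirname "$live/$rel")"
        cp -p "$clean/$rel" "$live/$rel"
    done

    # Pass 2: anything that exists only in the live tree survives a restore.
    (cd "$live" && find . -type f) | while IFS= read -r rel; do
        [ -f "$clean/$rel" ] || echo "EXTRA $rel"
    done
}

# Run only when called with both directories, e.g. from cron.
if [ "$#" -eq 2 ]; then
    audit_and_restore "$1" "$2"
fi
```

Directories that legitimately hold user uploads will show up as EXTRA and need to be excluded or reviewed by hand.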

Posted: Wed Jan 25, 2006 10:17 am
by Kaiseress Semisa I
I'm down with that, as long as the password changingness won't log me out if I'm currently browsing.

Posted: Wed Jan 25, 2006 2:20 pm
by Delphi
That's something I'd have to test, but the changes would likely happen at an off-beat time... maybe 6am EST (3am PST), so that the number of people with the high-up accesses who are browsing would be highly limited.

Posted: Wed Jan 25, 2006 4:09 pm
by osmose1000
We can't just go with passwords like ag80894bqgf0b34hw3iqw80a8h? Damn.

Posted: Wed Jan 25, 2006 7:38 pm
by Delphi
Believe me, if this is implemented, the passwords will look something like that. However, no matter how clever, if someone manages to get to a position in which our passwords are given to them basically, what good would a long-ass password do? None.

Posted: Sun Jan 29, 2006 4:11 pm
by Delphi
Permission to implement this plan for anyone with access here? I'd basically run a script at a given time every week or so (more or less depending on how we want it), and then it would assign everyone here new passwords and send them via email.

Posted: Mon Jan 30, 2006 8:50 pm
by Shyriath
Changing passwords? Aaagh...

But it is a good idea, nonetheless. I shall sacrifice my love of the constant gladly if it helps national security.