
Welcome to the Lounge

   

For lazing about and discussing anything in a software developer's life that takes your fancy except programming questions.

Technical discussions are encouraged, but click here to ask your programming question.

The Lounge is rated PG. If you're about to post something you wouldn't want your kid sister to read then don't post it. No flame wars, no abusive conduct, no programming questions and please don't post ads.
 
The Heartbleed Bug
Espen Harlinn (mentor), 13-Apr-14 5:03
I guess just about all of us have now heard about the heartbleed bug.

From the rather massive media coverage it appears that this can be exploited in ways that allow an attacker to potentially retrieve logon information such as user names and passwords.

If this is possible, it also means that the actual password, and not a cryptographic digest, has been sent to the server - and that the actual real password is kept in memory, and that it is either stored locally by the server, or the server can retrieve the password from another server on the network, or forward it to another server for authentication.

Even if there was no heartbleed bug, this sounds like a f***up on a much grander scale than the heartbleed bug, because it makes it likely that a lot of people believe they have implemented strong security, while actually implementing something that is quite vulnerable.

Thoughts anybody? or jokes (if you can come up with good ones)

[Update]
Just to be clear: I think we should always use transport level security, and even then we should never send the password in a form that can be easily reconstructed.
Espen Harlinn
Principal Architect, Software - Goodtech Projects & Services AS

Projects promoting programming in "natural language" are intrinsically doomed to fail. Edsger W.Dijkstra


modified 14-Apr-14 6:00am.

