
Welcome to the Lounge

   

For lazing about and discussing anything in a software developer's life that takes your fancy except programming questions.

The Heartbleed Bug [modified]
Espen Harlinn, 13-Apr-14 6:03
I guess just about all of us have now heard about the Heartbleed bug.

From the rather massive media coverage it appears that this can be exploited in ways that allow an attacker to potentially retrieve logon information such as user names and passwords.

If this is possible, it also means that the actual password, and not a cryptographic digest, has been sent to the server - and that the actual real password is kept in memory, and that it is either stored locally by the server, or the server can retrieve the password from another server on the network, or forward it to another server for authentication.

Even if there was no heartbleed bug, this sounds like a f***up on a much grander scale than the heartbleed bug, because it makes it likely that a lot of people believe they have implemented strong security, while actually implementing something that is quite vulnerable.

Thoughts anybody? or jokes (if you can come up with good ones)

[Update]
Just to be clear: I think we should always use transport level security, and even then we should never send the password in a form that can be easily reconstructed.
Espen Harlinn
Principal Architect, Software - Goodtech Projects & Services AS

Projects promoting programming in "natural language" are intrinsically doomed to fail. Edsger W.Dijkstra


modified 14-Apr-14 6:00am.


Web02 | 2.8.150414.1 | Last Updated 19 Apr 2015
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service