The password is only in the url for email-auto-login links. By form it's POST, of course.
Plenty of sites do it, it's really not a security risk, I'll probably fill the url with shit first, to avoid anyone reading it off the screen.
Cheers for pointing that out turb_, silly error on my side.
[QUOTE=Fizzadar;22967319]The password is only in the url for email-auto-login links. By form it's POST, of course.
Plenty of sites do it, it's really not a security risk, I'll probably fill the url with shit first, to avoid anyone reading it off the screen.
Cheers for pointing that out turb_, silly error on my side.[/QUOTE]
Still a better idea to use something other than a plaintext username and password for it. Use a hash of the person's username/email/password and some special salt that's only for the email links or something like that.
[QUOTE=KmartSqrl;22967807]Still a better idea to use something other than a plaintext username and password for it. Use a hash of the person's username/email/password and some special salt that's only for the email links or something like that.[/QUOTE]
I could encrypt then decrypt it I guess...
To be honest, there's nothing particularly insecure about it, especially if I fill the address bar with a load of junk in the first place, or just base64 both of them.
[QUOTE=Fizzadar;22968089]I could encrypt then decrypt it I guess...
To be honest, there's nothing particularly insecure about it, especially if I fill the address bar with a load of junk in the first place, or just base64 both of them.[/QUOTE]
Why not just generate one-time login tickets?
[QUOTE=Fizzadar;22968089]I could encrypt then decrypt it I guess...
To be honest, there's nothing particularly insecure about it, especially if I fill the address bar with a load of junk in the first place, or just base64 both of them.[/QUOTE]
Filling the address bar with a load of junk will not change the fact that there's a plaintext password floating around :P
You don't need to decrypt them, you just write a special login method that is tailored for the email based logins. If you don't even incorporate the password in them at all, and you use a special hash that has to match something in the user's DB entry you've already got a much more secure system.
True, I'll probably do that.
Although, plain password floating around in the address bar isn't really an issue, I can't see it being used at all...
[QUOTE=Fizzadar;22969450]True, I'll probably do that.
Although, plain password floating around in the address bar isn't really an issue, I can't see it being used at all...[/QUOTE]
Although it's not likely that anyone is going to steal a password for a site like that, or that a compromised account would really be much of a bother, it's still a good habit to get in to :) especially if you want to use the site as street cred for a potential employer or something.
[QUOTE=KmartSqrl;22969633]Although it's not likely that anyone is going to steal a password for a site like that, or that a compromised account would really be much of a bother, it's still a good habit to get in to :) especially if you want to use the site as street cred for a potential employer or something.[/QUOTE]
Guess so :P
Always good to be paranoid, too.
Safety first!
It's just seriously bad practice to pass passwords around in querystrings.
Especially since Apache, any intermediated proxy servers and the browser itself could log the querystring.
Did some wicked mad performance optimizations on AnyHub by updating stats in a separate thread.
Went from this:
[img]http://ahb.me/6Jm[/img]
To this:
[img]http://ahb.me/6JE[/img]
The highlighted call to Global+<>c__DisplayClass2's constructor in the second screenshot is part of the magic behind C#'s closures, but that's basically the thread I'm setting up to do statistics.
Has anyone here got any experience with creating a wordpress plugin? Going to give it a shot as I have some free time over the next few days. Looking to port my codecanyon Buyandsell system to wordpress to try and get a few more cheeky sales :)
[QUOTE=Funcoot;22957582]Nice, are you gonna be releasing this afterwards for free?[/QUOTE]
On your site, am I missing something about sending the email? :confused:
[QUOTE=JDream;22974707]Has anyone here got any experience with creating a wordpress plugin? Going to give it a shot as I have some free time over the next few days. Looking to port my codecanyon Buyandsell system to wordpress to try and get a few more cheeky sales :)[/QUOTE]
I believe WordPress have a ton of resources over at their site on how to get started with plugins.
EDIT: I could be a cock and not give you a link, but here you go: [url]http://codex.wordpress.org/Writing_a_Plugin[/url]
Cheers Scooby.
Been cracking on with this for about a hour or so, and I have to say, its very easy to get something up and running quickly. Quite enjoying delving into the wordpress documentation as well, as it is so well done.
hey guys, been working on my css development and so far have created this using no images:
[IMG]http://img143.imageshack.us/img143/2779/home1v.png[/IMG]
52 Lines of HTML
239 Lines of CSS
any of you guys give me any design tips on what i could change or if there are any problems with it.
Heres a link to the website where it is hosted:
[URL="http://www.facepunch.com/www.mike.animatorx.net"]www.mike.animatorx.net[/URL]
Looks a bit square at the moment, some round corners wouldn't hurt I think.
[QUOTE=Sirkorv;22980365]Looks a bit square at the moment, some round corners wouldn't hurt I think.[/QUOTE]
Good idea, this was mainly just to practice on some css without using images and stuff, i mgiht add them at a later date, I want to add some mysql features first so i can add content easily. tbh, im not sure where this site will go.
Remove the underline from the footer and header links, they are already known to be links, and it'll look better.
[QUOTE=turb_;22972984]Did some wicked mad performance optimizations on AnyHub by updating stats in a separate thread.
Went from this:
[img_thumb]http://ahb.me/6Jm[/img_thumb]
To this:
[img_thumb]http://ahb.me/6JE[/img_thumb]
The highlighted call to Global+<>c__DisplayClass2's constructor in the second screenshot is part of the magic behind C#'s closures, but that's basically the thread I'm setting up to do statistics.[/QUOTE]
[img]http://i48.tinypic.com/waq2dh.png[/img]
I get this all the time with any image uploaded to AnyHub.
[QUOTE=ddrl46;22983017][IMG_thumb]http://i48.tinypic.com/waq2dh.png[/IMG_thumb]
I get this all the time with any image uploaded to AnyHub.[/QUOTE]
Looks like a .net error(:P)
[QUOTE=ddrl46;22983017][img]http://i48.tinypic.com/waq2dh.png[/img]
I get this all the time with any image uploaded to AnyHub.[/QUOTE]
Looks like a problem on your end.
Your problem.
Man I had this really good RoR book I was reading and I lost the link. Fuck.
Been working on a little image uploading script. So far I have completed the design and the ability to upload images (don't need to have an account)
[img]http://dl.dropbox.com/u/3695360/design/des_3.JPG[/img]
Going to work on later: albums, file managment and resizing images.
A live demo can be found at: [url]http://78.47.219.44/simpload/[/url]
And an example image in the little image displayer: [url]http://78.47.219.44/simpload/image.php?con=view&id=4d3af2539647f378959036e799bb2cc2[/url]
Whoop found it! [url]http://www.railstutorial.org/book[/url]
[QUOTE=AzzyMaster;22983636]And an example image in the little image displayer: [URL]http://78.47.219.44/simpload/image.php?con=view&id=4d3af2539647f378959036e799bb2cc2[/URL][/QUOTE]
I'm really interested where that photograph is from.
[QUOTE=jaybuz;22984000]I'm really interested where that photograph is from.[/QUOTE]
Some riot in Kyrgyzstan, was in the News Node a few months back
EDIT:
Anyone know how to align like this: [url]http://dl.dropbox.com/u/3695360/design/des_4.JPG[/url] , but without the use of tables, everything else I have tried has failed.
[QUOTE=Mikeyspike;22979670]hey guys, been working on my css development and so far have created this using no images:
[IMG]http://img143.imageshack.us/img143/2779/home1v.png[/IMG]
52 Lines of HTML
239 Lines of CSS
any of you guys give me any design tips on what i could change or if there are any problems with it.
Heres a link to the website where it is hosted:
[URL="http://www.facepunch.com/www.mike.animatorx.net"]www.mike.animatorx.net[/URL][/QUOTE]
This is a good example of why you shouldn't design in the browser when you're just getting started. The problem is that you are "learning design" when you're actually learning HTML and CSS. If you want to learn design you should be learning design first, not front end development. If you want to learn front end development you should be learning to take a design from Photoshop and turning it in to well written HTML/CSS ([i]especially[/i] if you're interested in making money from it, because that is what a front end developer is going to be doing in a professional environment)
You've got lots of spacing issues, everything feels way too cramped. The article content and the footer stuff is especially cramped, and needs way more breathing room.
The dark 1px lines you've got all over don't look too hot either, they're adding to the cluttered feel, if you want to keep them they need to be a lot lighter, and I'd ditch the one that wraps the whole site area.
The header font looks really chunky and dated too, Georgia in italics really isn't very pretty.
I'm also not to keen on the background color for the page (the pastel blue) in combination with the more vibrant blue you've got for the headers. They clash a bit and the pastel doesn't feel right with that other energetic blue.
I wish there were more posts like that.
[QUOTE=compwhizii;22988763]I wish there were more posts like that.[/QUOTE]
So do I.
Sorry, you need to Log In to post a reply to this thread.
