+- Mirage Engine (https://mirage-engine.uk/forums)
+-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61)
+--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18)
+---- Forum: Resources (https://mirage-engine.uk/forums/forumdisplay.php?fid=49)
+---- Thread: Password Sensitivity (/showthread.php?tid=60)
Password Sensitivity - grimsk8ter11 - 01-06-2006
Originally posted by Baltan
ServerSide:
look at you're PasswordOK function:
Code:
Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String
PasswordOK = False
If AccountExist(Name) Then
FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
RightPassword = GetVar(FileName, "GENERAL", "Password")
If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then
PasswordOK = True
End If
End If
End FunctionThis is VERY VERY bad security
Why do you ask?
it says that
password = PassWord = PaSsWoRd = PASSWORD
Case insensitivity, :|
Case Sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack
So lets change that up eh?
Code:
Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String
PasswordOK = False
If AccountExist(Name) Then
FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
RightPassword = GetVar(FileName, "GENERAL", "Password")
If Trim(Password) = Trim(RightPassword) Then
PasswordOK = True
End If
End If
End Function