Re^5: Did Perlmonks Ever Salt and Hash Their Password Database?

doing that from the other end of the internet is not trivial

Depends if your room mate is as knowledgeable and careful as you are. If I can infiltrate his machine -- or any of the other 250 on your local subnet -- I can monitor your traffic.

For a site that has the claimed and demonstrated website expertise as this place; "the framework doesn't allow for this" is a pathetic excuse.

A secure login doesn't have to be a part of the "framework"; it could be a completely standalone process that sets a flag somewhere accessible from the framework.

That's all it would take! (That is doesn't exist, is pathetic!)

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority". I knew I was on the right track :)

In the absence of evidence, opinion is indistinguishable from prejudice.

Comment on Re^5: Did Perlmonks Ever Salt and Hash Their Password Database?

Replies are listed 'Best First'.
Re^6: Did Perlmonks Ever Salt and Hash Their Password Database? by stevieb (Canon) on Aug 18, 2016 at 01:11 UTC
I have to agree with BrowserUK here... What's preventing us from using SSL? Is it the cost? Of what? The certificate, or the implementation of one? The bigger issue... what about adding in a 'plugin' or 'layer' to when you first hit PM to do auth? I've never looked at the PM code before, but I will after my current project is completed (ie. stable for public use). I've been working on a bunch of auth scenario-type stuff at $work lately (in Python, not Perl), but perhaps we could come up with enough people to form a task force of some sort to resolve this issue. The ease of implementation of course would be determined by how deeply the existing code relies upon the mechanism(s) we now have.	[reply]
Re^7: Did Perlmonks Ever Salt and Hash Their Password Database? by Anonymous Monk on Aug 18, 2016 at 02:06 UTC
What's preventing us from using SSL? Is it the cost? Of what? The certificate, or the implementation of one? The reason for everything is gods FWIW, I can go to https://perlmonks.org and login, sure its for/with pair.com certificate, but it "works" but perhaps we could come up with enough people to form a task force of some sort to resolve this issue.... Hahaha a newborn noob, naive ** naive	[reply]
Re^8: Did Perlmonks Ever Salt and Hash Their Password Database? by BrowserUk (Patriarch) on Aug 18, 2016 at 11:13 UTC
sure its for/with pair.com certificate free certs With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :) In the absence of evidence, opinion is indistinguishable from prejudice.	[reply]