Geekzone: technology news, blogs, forums
richms (28193 posts, Uber Geek, Trusted, Lifetime subscriber)
#292939 25-Jan-2010 18:45

Cookies are just as easy to harvest as browser history, so if you are staying logged in, any malware could take the cookie and flick it back to the botnet master to get in here on your currently saved details or current session.

Richard rich.ms

freitasm (BDFL - Memuneh, 79310 posts, Uber Geek, Administrator, ID Verified, Trusted, Geekzone, Lifetime subscriber)
#292940 25-Jan-2010 18:48

I have changed the scripts so the password won't show as part of a URL anymore - unless you guys have it saved in the bookmark.

As for the cookies - yes, this was discussed at length in the other thread, and unless we work on something like a session token that changes on every page view, then your information will always be "available". I am still not convinced that a single token solves the impersonation problem, unless the entire session is always encrypted and there isn't an option for automatic login.

freitasm (BDFL - Memuneh, 79310 posts, Uber Geek, Administrator, ID Verified, Trusted, Geekzone, Lifetime subscriber)
#301745 24-Feb-2010 09:25

Ragnor: @freitasm password in the url is worse than only in a cookie because cookies are only sent to the domain they are for by the browser.

3rd party pages/sites/servers can potentially read browsing history including visited urls via various methods (javascript, activex, flash, referrer etc).



We released a change yesterday that will now use session variables for automatic login. Also the login page is using POST instead of GET as I mentioned in my previous post. As a result, you won't see credentials in any URL anymore, even automatic login.

However, if you have a bookmark to the login.asp URL with credentials as parameters, it will still log in, but as said, it will show in logs, etc.

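The two changes freitasm describes (credentials accepted only by POST, and an opaque server-side session instead of credentials in the URL or cookie) and the cookie-harvesting concern richms raises are easy to see side by side in code. The following is an added illustration, not Geekzone's login.asp or any code from the thread; the handler names, the gz_session cookie, the "alice" account and the in-memory user and session stores are all constructed for the example.

```python
"""Added example (not Geekzone's code): a minimal login/session handler that
contrasts the 'before' (credentials accepted from GET parameters, so they land
in the access log) with the 'after' (POST only, opaque HttpOnly/Secure session
cookie, rotation and server-side revocation). Names and data are constructed."""
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def _pbkdf2(password, salt):
    # Store a salted PBKDF2 hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-salt"                       # constructed sample salt
USERS = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}   # constructed user

# Server-side session store: opaque id -> username. The cookie carries only the
# id, so a harvested cookie never contains the password and can be revoked here.
SESSIONS = {}
ACCESS_LOG = []   # what a web server's access log records for each request


def _check_password(user, password):
    rec = USERS.get(user)
    if rec is None:
        _pbkdf2(password, _SALT)   # same work for unknown users (timing)
        return False
    salt, expected = rec
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def _log(method, path, query):
    # Servers log the request line including the query string, which is why
    # credentials passed as GET parameters end up in logs, as the thread notes.
    qs = "?" + urlencode(query) if query else ""
    ACCESS_LOG.append(f"{method} {path}{qs}")


def legacy_login(method, path, query, form):
    """'Before': login accepted credentials from the URL as well as the body."""
    _log(method, path, query)
    params = query if method == "GET" else form
    if _check_password(params.get("user", ""), params.get("password", "")):
        return {"status": 200, "body": "logged in"}
    return {"status": 401, "body": "bad credentials"}


def hardened_login(method, path, query, form):
    """'After': credentials only in a POST body, response carries an opaque id."""
    _log(method, path, query)
    if method != "POST":
        # A bookmarked login?user=...&password=... GET no longer logs anyone in.
        return {"status": 405, "body": "use POST", "set_cookie": None}
    if not _check_password(form.get("user", ""), form.get("password", "")):
        return {"status": 401, "body": "bad credentials", "set_cookie": None}
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = form["user"]
    # HttpOnly keeps page scripts away from the id; Secure keeps it off plain HTTP.
    cookie = f"gz_session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
    return {"status": 200, "body": "logged in", "set_cookie": cookie}


def page_view(session_id, rotate=True):
    """Authenticated page view. With rotate=True the token changes on every
    view (the scheme discussed in the thread) and the old id stops working."""
    user = SESSIONS.pop(session_id, None) if rotate else SESSIONS.get(session_id)
    if user is None:
        return {"status": 401, "user": None, "session_id": None}
    new_id = secrets.token_urlsafe(32) if rotate else session_id
    SESSIONS[new_id] = user
    return {"status": 200, "user": user, "session_id": new_id}


def logout(session_id):
    """Server-side revocation: a harvested cookie is useless once its id is gone."""
    return SESSIONS.pop(session_id, None) is not None


if __name__ == "__main__":
    creds = {"user": "alice", "password": "correct horse"}
    legacy_login("GET", "/login.asp", creds, {})
    print("legacy log line:", ACCESS_LOG[-1])          # password visible in log
    resp = hardened_login("POST", "/login.asp", {}, creds)
    print("hardened log line:", ACCESS_LOG[-1])        # no credentials logged
    sid = resp["set_cookie"].split(";")[0].split("=", 1)[1]
    print("rotated:", page_view(sid)["session_id"] != sid)
```

Per-view rotation, as the thread observes, only narrows the window: a cookie copied by malware on the user's machine and replayed before the next view still works, so the effective controls are the HttpOnly and Secure attributes with an all-TLS session, short server-side expiry with revocation on logout, and no persistent automatic login.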
Ragnor (8223 posts, Uber Geek, Trusted)
#301816 24-Feb-2010 14:37

Good changes, thumbs up!
