[thesite] My Intro and a look at a UEUE Proposal

Martin martin at members.evolt.org
Thu Oct 18 13:52:51 CDT 2001


Daniel J. Cody wrote on 18/10/01 3:50 pm

>so little Joey Cracker that has a m.e.o account could set a cookie 
>claiming he was djc and had a priv level of 4 and send himself to the 
>main site to delete all of isaac's articles. fuck, he could even create 
>a cookie with values like
>
>USER_NAME = djc
>USER_NAME_HASH = MD5(USER_NAME.JOEY-secret-key)

Absolutely agree that Joey C couldn't make up UEUE hashes
from scratch. The only risk is from meo account holders
who can record both values.

Cheers
Martin

_______________________________________________
email: martin at easyweb.co.uk             PGP ID: 0xA835CCCB
       martin at members.evolt.org      snailmail: 30 Shandon Place
  tel: +44 (0)774 063 9985                      Edinburgh,
  url: http://www.easyweb.co.uk                 Scotland
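
Added example (not part of the original mail or of evolt.org's code): the cookie check discussed in this thread, in Python. The key strings and function names are assumptions; it shows a hash made with the wrong key being rejected, and a copied pair of site-issued values being accepted because the hash does not depend on who presents it.

```python
import hashlib
import hmac

# Constructed values for illustration; not real evolt.org keys.
SITE_SECRET = "site-secret-key"
JOEY_SECRET = "JOEY-secret-key"


def name_hash(user_name: str, secret: str) -> str:
    """USER_NAME_HASH = MD5(USER_NAME . secret), as written in the quoted mail."""
    return hashlib.md5((user_name + secret).encode("utf-8")).hexdigest()


def verify_cookie(cookie: dict, secret: str = SITE_SECRET) -> bool:
    """Accept the cookie only if its hash is the one the site would issue."""
    name = cookie.get("USER_NAME")
    presented = cookie.get("USER_NAME_HASH")
    if not isinstance(name, str) or not isinstance(presented, str):
        return False
    expected = name_hash(name, secret)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode("utf-8"),
                               presented.lower().encode("utf-8"))


def demo() -> dict:
    """Run the four cases from the thread and return which ones verify."""
    issued = {"USER_NAME": "djc",
              "USER_NAME_HASH": name_hash("djc", SITE_SECRET)}
    # Hash computed with a key other than the site's.
    made_up = {"USER_NAME": "djc",
               "USER_NAME_HASH": name_hash("djc", JOEY_SECRET)}
    # Both site-issued values copied unchanged.
    recorded = dict(issued)
    # Site-issued hash paired with a different user name.
    renamed = {"USER_NAME": "isaac",
               "USER_NAME_HASH": issued["USER_NAME_HASH"]}
    return {
        "issued": verify_cookie(issued),
        "made_up": verify_cookie(made_up),
        "recorded": verify_cookie(recorded),
        "renamed": verify_cookie(renamed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:8s} accepted={accepted}")
```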




