[thesite] My Intro and a look at a UEUE Proposal
Martin
martin at members.evolt.org
Thu Oct 18 13:52:51 CDT 2001
Daniel J. Cody wrote on 18/10/01 3:50 pm
>so little Joey Cracker that has a m.e.o account could set a cookie
>claiming he was djc and had a priv level of 4 and send himself to the
>main site to delete all of isaac's articles. fuck, he could even create
>a cookie with values like
>
>USER_NAME = djc
>USER_NAME_HASH = MD5(USER_NAME.JOEY-secret-key)
Absolutely agree that Joey C couldn't make up UEUE hashes
from scratch. The only risk is from meo account holders
who can record both values.
Cheers
Martin
_______________________________________________
email: martin at easyweb.co.uk PGP ID: 0xA835CCCB
martin at members.evolt.org snailmail: 30 Shandon Place
tel: +44 (0)774 063 9985 Edinburgh,
url: http://www.easyweb.co.uk Scotland
More information about the thesite
mailing list