Author

Topic: How secure is the forum? (Read 892 times)

sr. member
Activity: 280
Merit: 252
June 20, 2011, 05:19:36 AM
#4
How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?

Hrmmm why is this?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
June 20, 2011, 12:40:13 AM
#3
How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?
administrator
Activity: 5222
Merit: 13032
June 20, 2011, 12:26:33 AM
#2
How are the passwords stored? What hashing algorithm is used?

It seems to be SHA-1 salted with the username, though I'm not totally sure.

Quote
Who has access to the database?

Gavin, Sirius, and me. Slicehost (and maybe Rackspace) also has access, since they host the server

Quote
Is the forum vulnerable to attacks? Has it been tested for security holes?

It uses SMF plus some mods and a small handful of custom changes. Hopefully SMF is well-tested and able to contain poorly-programmed mods

I did a cursory examination of all mods before installing them, but I certainly don't understand SMF enough to judge their security well.

Quote
Is there anything the users community can do to help?

Tell me privately if there are any security problems. I will fix them ASAP.
newbie
Activity: 14
Merit: 0
June 19, 2011, 11:43:24 PM
#1
Since today was not a good day for the Bitcoin community in general and MtGox in particular, I would like to ask a few questions about the security of this forum:

1. How are the passwords stored? What hashing algorithm is used?
2. Who has access to the database?
3. Is the forum vulnerable to attacks? Has it been tested for security holes?
4. Is there anything the users community can do to help?

Please feel free to add or answer any items. Thank you in advance!
Jump to: