How secure is the forum? | Bitcointalksearch.org

gigabytecoin

sr. member

Activity: 280

Merit: 252

Quote from: Bit_Happy on June 20, 2011, 12:40:13 AM

How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?

Hrmmm why is this?

Bit_Happy

legendary

Activity: 2114

Merit: 1040

A Great Time to Start Something!

How secure is the forum?

The default login does not use SSL, you need to manually change to https, how often do you remember to?

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: bitcoin.monger on June 19, 2011, 11:43:24 PM

How are the passwords stored? What hashing algorithm is used?

It seems to be SHA-1 salted with the username, though I'm not totally sure.

Quote

Who has access to the database?

Gavin, Sirius, and me. Slicehost (and maybe Rackspace) also has access, since they host the server

Quote

Is the forum vulnerable to attacks? Has it been tested for security holes?

It uses SMF plus some mods and a small handful of custom changes. Hopefully SMF is well-tested and able to contain poorly-programmed mods

I did a cursory examination of all mods before installing them, but I certainly don't understand SMF enough to judge their security well.

Quote

Is there anything the users community can do to help?

Tell me privately if there are any security problems. I will fix them ASAP.

bitcoin.monger

newbie

Activity: 14

Merit: 0

Since today was not a good day for the Bitcoin community in general and MtGox in particular, I would like to ask a few questions about the security of this forum:

1. How are the passwords stored? What hashing algorithm is used?
2. Who has access to the database?
3. Is the forum vulnerable to attacks? Has it been tested for security holes?
4. Is there anything the users community can do to help?

Please feel free to add or answer any items. Thank you in advance!

Topic: How secure is the forum? (Read 888 times)