Announcement

Collapse
No announcement yet.

Real vb3 Admin Cp!

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    replied
    This has gone on long enough. You have made your point. We will take it under advisement.

    Leave a comment:


  • Total Cult
    replied
    Originally posted by Radon3k
    I don't understand this Total Cult guy...Nobody said that vBulletin v3 wasn't secure, nobody at all said that. What they are saying is that there are any number of ways to get a password for the Admin CP, and once someone does have it, they can log in. If you have the correct user name and password, of course it's going to let you in.
    The point is not the security or lack thereof of vBulletin. The point is that, seeing as the vBulletin staff recommend you use an additional username and password, they could easily have included such facilities in the product itself. It's not rocket science.

    Leave a comment:


  • Knyteguy
    replied
    they actually have some handprint scanning locks/alarm systems for home security o_O Its not that expensive either, because I almost ordered it for my mom.

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by Radon3k
    That's hilarious.

    What's weird, is that one day this technology might actually exist (maybe not now or in 20 years, but some day)...
    Handprint technology and Retinal Scanners already exist. You can even get a thumbprint lock for your PC from places like "The Sharper Image". Cost is prohibitive for high quality gear though.

    Leave a comment:


  • heretic
    replied
    well this got off topic fast

    Leave a comment:


  • chrispadfield
    replied
    Originally posted by Scott MacVicar
    the worrying thing is that indeed none of the body parts need to be attached to use them. Retina or finger prints.

    But on topic the vB3 system is secure, just some admins will be a bit paranoid and like another layer of protection. I sometimes only allow certain ip ranges to access my CMS admin panel.
    As someone said, for a finger check you also check for a pulse which while possible to fake would I think be a lot harder. I would also think in the case of eyes it is probably pretty easy to tell if the eye is alive or dead; a flash of light to the eye is likely (but i don't know for sure) to have a very different response in a dead/alive person me thinks.

    Leave a comment:


  • Scott MacVicar
    replied
    Originally posted by Fusion
    You've watched too many movies.
    Ofcourse these two technologies will be linked to the actual pulse & heart-beat of the scanned individual. Since no two are exactly alike, ripping off body-parts would get you nowhere.
    the worrying thing is that indeed none of the body parts need to be attached to use them. Retina or finger prints.

    But on topic the vB3 system is secure, just some admins will be a bit paranoid and like another layer of protection. I sometimes only allow certain ip ranges to access my CMS admin panel.

    Leave a comment:


  • Fusion
    replied
    Originally posted by IDN
    Rip someones eyes out or their finger off
    You've watched too many movies.
    Ofcourse these two technologies will be linked to the actual pulse & heart-beat of the scanned individual. Since no two are exactly alike, ripping off body-parts would get you nowhere.

    Leave a comment:


  • IDN
    replied
    Rip someones eyes out or their finger off

    Leave a comment:


  • Radon3k
    replied
    That's hilarious.

    What's weird, is that one day this technology might actually exist (maybe not now or in 20 years, but some day)...

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by Radon3k
    It doesn't have a built in retinal scanner and hand print recognition (although I do believe they were thinking of adding the AI technology in there somewhere ).
    It is hoped to have the hand print technology in somewhere around version 8 and the retinal scanning in before version 12.

    However these features are dependant on hardware level technology as well.

    Leave a comment:


  • Radon3k
    replied
    I don't understand this Total Cult guy...Nobody said that vBulletin v3 wasn't secure, nobody at all said that. What they are saying is that there are any number of ways to get a password for the Admin CP, and once someone does have it, they can log in. If you have the correct user name and password, of course it's going to let you in. It doesn't have a built in retinal scanner and hand print recognition (although I do believe they were thinking of adding the AI technology in there somewhere ).

    It's unlikely that if you use one user name and password for the Admin CP and another for the .htaccess that someone will get both of them, and, if they do, then I guess you're just too easy to figure out.

    Leave a comment:


  • IDN
    replied
    Yes, use diffrent U and P's

    Leave a comment:


  • TheComputerGuy
    replied
    Originally posted by tubedogg
    Almost every web server has the ability to configure limited access to a certain directory. Since most of the world uses Apache and knows what an .htaccess file is, that is what it is referred to as.

    vBulletin does not ship with an .htaccess file - if you want to use it you must add it yourself. It is, however, common sense to protect something as much as possible when it is sensitive.

    I'm not going to continue arguing with you about it. If you want to use it, do so. If you don't, fine.
    Amen, protect the directory, vBulletin is great, but its unlikely someone will get both passwords and usernames.

    Leave a comment:


  • tubedogg
    replied
    Originally posted by Total Cult
    I think you're missing the point somewhat - the point being that if it didn't need htaccess it wouldn't have htaccess.

    All htaccess is is just another username and password. What is to stop vBulletin implementing that itself? i.e. you would have:

    Username: ____________
    Password: ____________
    ACP Password: _______________

    And what if I don't use Apache? Doesn't look to good for me then, does it?
    Almost every web server has the ability to configure limited access to a certain directory. Since most of the world uses Apache and knows what an .htaccess file is, that is what it is referred to as.

    I think you're missing the point somewhat - the point being that if it didn't need htaccess it wouldn't have htaccess.
    vBulletin does not ship with an .htaccess file - if you want to use it you must add it yourself. It is, however, common sense to protect something as much as possible when it is sensitive.

    I'm not going to continue arguing with you about it. If you want to use it, do so. If you don't, fine.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X