Recent content by Pulser

  1. Pulser

    Lack of interest Suggestion Regarding Login Security

    I can't really get my head round that either tbh, but it would stop sessions timing out on long posts... I am thinking right now that to use ssl would be overkill, as I can't ssl the whole site, or we have insecure elements on almost every page there's an avatar or signature image from off...
  2. Pulser

    Lack of interest Suggestion Regarding Login Security

    Sounds interesting... I was considering use of Google 2-factor, as Google handles the SSL of the transmission of the QR code... It would only be for staff primarily. I'm going to try to get an XF licence ordered up in the next couple of days so I can start to look at the API and how easy it is to...
  3. Pulser

    Lack of interest Suggestion Regarding Login Security

    Oh I totally agree. MD5 is trivial to reverse using rainbow tables. Ideally, something session hashed would be used, but the key exchange problem always becomes an issue... Exchanging this key securely, and having a salted hash in the database is slightly more complex when you start to add in...
  4. Pulser

    Lack of interest Suggestion Regarding Login Security

    I'm considering ordering XF just now for a migration from vB. One thing I noticed while playing with a demo install on the homepage is that passwords are sent via POST to the XenForo back-end in plaintext, and then processed there. (you can see this happen using a Firefox addon such as "tamper...