If you are new to domains and looking to buy, sell and learn about domains then you have come to the right place. DNForum is the largest domain name community on the internet and continues to grow every day. There are over 105,000 domainers on DNForum doing everything from buying domains, selling domains, learning about domains and discussing domains. Take a minute and Register.
Register Today on DNForum IT'S FREE!
I'm on two occasions cached my self logged-in , when i was logged out
the last one is just a minutes ago
somebody spies on me ??
What do you mean by seeing youself logged in?
The "who is online" is usually time based. If you log out, you still might see yourself in the "who is online" for a while (I don't know how long but some of my forums it's over 30 minutes).
If you have DNF up on more than one PC (I know I'm still logged on at home), if you log off one of them you'll still be logged onto the other (I could log off here @ work and still see myself logged in).
Did you log out, clear your cache, then when you went back to DNF you were still logged in? (This would be an issue with your cookies / cache cleaning - I'd run a malware check if this is the case).
As far as I know, moderators cannot log in as other members here but if someone has your password then they could. If its not too secure or you haven't changed it in a while, I'd advise you to change it (to something completely different) and see if it continues to happen (also log out and back in w/ the new password on any PC you use to check out DNF).
Save the wolves - join The Wolf Army today!
Please follow the rules or suffer the wrath of Thor's Hammer.
hm, okay, maybe it's cache, so mods can't login to your acc, yea?
Unless you give one of them (well, any member) your password (which would be a violation of many rules and would get both members banned).
Run some good malware checks - SpyBot Search & Destroy, Ad-Aware etc..
Also, the "who's online" features aren't always 100% accurate. I've been on and not seen myself but on other forums I've seen myself online even though I'm logged out.
Save the wolves - join The Wolf Army today!
Please follow the rules or suffer the wrath of Thor's Hammer.
I think even Root on this server can not log into your account because passwords are stored encrypted (?)
I have PM disabled. You can email me: denny startseek com
ThankYouDHL.com
cool, thanks, running a boat now- already found some diseases -Originally Posted by draggar
"memedia.advantage"
Anyone with direct access or shell access to any server can see anything they want, if they want to bad enough.. Just have to go look at the sql db and view the data directly. I seriously doubt mods have that kind of access though..
All offers good for 72 hours except running auctions
Progeria Research | Pulmonary Fibrosis | Dammit!
Last edited by domain newbie; 05-27-2008 at 09:37 AM. Reason: Automerged Doublepost
That's only for administrators though, not for mods. It comes in handy when you're starting a forum and want to create posts under multiple usernames to make the forum look busier.
Well they can see ENCRYPTED data if application is programmed correctly.Anyone with direct access or shell access to any server can see anything they want, if they want to bad enough.. Just have to go look at the sql db and view the data directly. I seriously doubt mods have that kind of access though..
I have PM disabled. You can email me: denny startseek com
ThankYouDHL.com
Perhaps. But again, if they have *direct* access to the server, they also have access to the hash. Or why bother when you could simply clone the database & application, put it on another server & just reset the users password then go in as them. The important things here are direct access, and how badly someone wants to see something.
Also, think of the server load to encrypt/decrypt *everything* all the time. Most developers just encrypt the passwords.
All offers good for 72 hours except running auctions
Progeria Research | Pulmonary Fibrosis | Dammit!
AFAIK the passwords are hashed -- not encrypted.
HTTP is not a persistent connection - it only knows the CLIENT is still connecting to the server when the CLIENT makes a new request.
The CLIENT sends a request to the SERVER for information (usually a webpage), the SERVER processes the request and replies to the CLIENT, sending whatever is the relevant response (usually a webpage).
That is the end of the communication, and they do not communicate again until another request is sent by the CLIENT. Clicking a hyperlink is the most common type of request on the web.
Thus, the only option the SERVER has for figuring out when a CLIENT has left is to assume that the CLIENT has left the system after a certain amount of time has passed with no new request received. This is generally referred to as a "time to live".
Forums (and most membership systems for HTTP) operate on SESSIONS, which store information about your user account on the server, and are stored on your local computer as a cookie (text file) with a SESSION ID that is your ticket back into your SESSION on the SERVER (your account, basically), without LOGGING IN everytime you want to access a page.
So if the "time to live" variable is set to 30 minutes, you will appear in the "logged in users" displays for 30 minutes after your last request on that website.
The only exception to this is if you specifically LOGOUT. With this request, you are specifically telling the server to close your session as you are finished using the system.
Just to add a note about passwords
Passwords are mostly encrypted using what's called a one-way hash - the SHA1 algorithm more recently, earlier the MD5 (wikipedia for more on that). These hashes will produce everytime the same hash of a given password. The one-way is a means by which they are practically impossible (really really really ridiculously tough) to un-hash. So, even if an administrator looks at the database all they see are a bunch of password hashes (ab23jfak3f39fksixiw03, something to that effect). When you submit your password to a user system, it will hash your password and compare it to the hash in the database.
That's not to say an evil administrator couldn't store your unencrypted password somewhere, if they wanted to. However, unless they're hoping you use the same password at every site so they can login elsewhere, it's pointless as they can view everything that gets posted to the site by direct server access anyhow.
Moderators and other users on the other hand, wouldn't have any way to access this information unless the administrator specifically gave them access.
So in short, use different strong passwords for every separate place on the web that's important to you (Paypal, Banking, Registrars, etcetera).
Hope that helps
Last edited by harleyx; 05-27-2008 at 01:49 PM.
If it sounds too good to be true, post it on DNForum and you'll find some suckers!
yea, i actually specifically loggin out and it would say- all cookies are cleared
so i would think there are spies, but heck, they wont find anything there anyways
i don't mind admins doing that for whatever reasons, but don't want any mods being able to do that
You guys are always famous of being off topics.
The answer is no - Mods can't do that - End of the story.
Thanks,
John
HotWebTools.com
Enamemart.com - Great Names For Sale
CampusHut.com - Students Social Networking
AAV.net AVU.net DGV.net EIE.net FEQ.net FVV.net GOY.net HFB.net MNV.net
OAU.net OEA.net OOD.net OOM.net SUO.net UYO.net VHO.net XHN.net
Posting Permissions
View Profile
View Forum Posts
View Forum Threads
View Friends
View Blog Entries
Bookmarks