Should we use replit or some other IDE?

They only take it down if it breaks the Replit ToS, which hardly ever happens to a user. The worst I got was one of my projects broke the Replit ToS and the worst they did was remove it from the community. They did not completely delete it, I can still use it.

I believe as a buffer.
Having an insecure password system is better than having none at all, if it’s well implemented. I could make people have only 3-character numerical passwords for my service, and it is still safer than having no passwords (despite being very easy to crack).

You guys!

Poor sarpnt was just trying to sympathize with 800 about his unreasonable parents by listing other unreasonable demands they might make for "real programming" and the sarcasm flew right over your heads so you're beating him up about details.

uhh? oh whoops

@sarpnt, sorry if my post came off as condescending or rude or as trying to pick a fight. That was not my intent, and I just wanted to understand why you said that passwords are of no use if they aren’t secure.

About the Replit thing- as you said, it’s not hosting a website yourself (how do people do that? I don’t know!), but you can run code with it in multiple languages, which in my mind makes it a proper environment. Even if it is hosted by a big company. This is similar to Google’s Colab.

passwords aren't just useless when they aren't secure, they're actively dangerous.

imagine for example if snap just stored usernames, emails, and passwords as a text file on their server. if someone tricked one of the staff or hacked in, they would know everyone's usernames, emails, and passwords.

here's some of the many dangerous things that would result from this:

  1. every account on snap would be known by everyone and the snap website would be unusable for a good while (making the passwords pretty much useless)
  2. someone could send emails to absolutely everyone on snap, able to sell the emails to spammers and phishers, and to do it themselves.
  3. many people reuse passwords or have similar passwords and it could be used to tell how to get into their other accounts, possibly even their email which basically guarantees access to everything. even if they have good passwords or a password manager, it reveals which one it is and how best to attack them

This is true. A huge tech corporation would want to spend as much time as they need to make sure their password system is 100% secure because they store things like emails and other websites' passwords.

In the scenario I devised, the passcode (000-999) is easily crackable. However, this is a fine solution for a website like an anonymous chat program. For example, you could send messages as any number on the site.

All this is to say, depending on a project's intended use case, passwords/codes/whatever may not need to be secure.

This is largely already true, at least all the accounts that have published projects. And the part about email addresses, I think, is kind of a red herring; you're talking about why passwords should be encrypted, which doesn't imply encrypting other random stuff in the database.

Insecure passwords for low-risk sites such as ours become really problematic only when people use the same password for multiple sites.

Extending on what @bh said about the email part, you can use something like the Rijndael Algorithm to encrypt email addresses without worrying about brute force attacks.

You don't need to! replit shows code to you! which includes plain text passwords!

Oh then i'll force a password of 123456 (turn the input into a hidden which disables input unless hecker looks at inspect element)
i've got attacked before like this lol

then i used 123456 on every insecure password blank

it only takes like 5 lines of code to hash a password i don't see how it isn't worth the effort

For python:

```python
import hashlib
import base64

def hash(txt):
    return base64.b64encode(hashlib.sha3_512(txt.encode()).digest()).decode('utf-8')

print(hash('Hello, World!'))
```

five lines wow
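Added example, not part of any post in this thread: the unsalted SHA3-512 snippet above gives every user with the same password the same digest, and a single fast hash is cheap to guess against if the stored file leaks as described earlier. The sketch below stores a per-user random salt with a slow PBKDF2 key and verifies in constant time; the function names, the `salt$key` record format and the iteration count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as far as your server tolerates.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """The thread's snippet: one fast, unsalted SHA3-512 pass."""
    digest = hashlib.sha3_512(password.encode()).digest()
    return base64.b64encode(digest).decode()


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is deliberately slow, so each guess costs real time.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def make_record(password: str) -> str:
    """Return 'salt$key' (base64 fields) with a fresh random salt per user."""
    salt = os.urandom(16)
    key = _derive(password, salt)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(key).decode()


def verify(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt; compare in constant time."""
    try:
        salt_b64, key_b64 = record.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample: two users who both picked "123456".
    print(unsalted_hash("123456") == unsalted_hash("123456"))  # identical digests
    a, b = make_record("123456"), make_record("123456")
    print(a != b, verify("123456", a), verify("1234567", a))
```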

idk either
just too l8zy

@18001767679

i saw that message and still got lazy

lol

If you want I can send the Rijndael Algorithm as well.

laziness isn't an excuse for making dangerous code

Oh then i'll force a password of 123456 (turn the input into a hidden which disables input unless hecker looks at inspect element)

what's the point of coding if you're trying to avoid it at every step? i don't get how someone can get all into lambda calculus and abstract concepts but can't just delete the code for an unused password system or even better consider something better than a broken login system.

Ok I admit the only reason with that laziness is cuz im not making login websites now and i need to do that Mindustry remake attempt restart - #11 by 18001767679
