Foundation Requiring Strong Passwords

[Cory]

Most of the time it was just guessing the password. This was in a time when we weren't aware how important a good password was. So often it was just easy to guess.

I found the post by John in case you're interested in reading it: https://forum.jcink.com/index.php?showtopic=31044&view=findpost&p=216478

 

[Arantor]

document.cookie could access the password hash? WHY? WHY WOULD YOU EVER DO THAT

HttpOnly was a sensible addition but it also didn't exist back in 2004 so had to be a later addition.

And yes, doHTML is entirely a bad idea unless you load it up with something like HtmlPurifier but that will break all the shonky non-standard codes people add to their posts etc.

 

[Cory]

document.cookie could access the password hash? WHY? WHY WOULD YOU EVER DO THAT

I guess people were clueless back then until the web started becoming more standardized and articles and documentation started popping up everywhere.

 

[Arantor]

That's the thing, 2004 was already well into the era of articles and documentation and have-a-go-heroes. In many ways that period is peak bad PHP practices being written out as guides.

 

[Cory]

That's the thing, 2004 was already well into the era of articles and documentation and have-a-go-heroes. In many ways that period is peak bad PHP practices being written out as guides.

Well, I was 14 at the time, so I know I was clueless.

 

[Arantor]

Consider that IPS wasn't even Matt M's first attempt at writing a forum software at that point in time. Ikonboard predated Invision.

 

[Cory]

Consider that IPS wasn't even Matt M's first attempt at writing a forum software at that point in time. Ikonboard predated Invision.

How old was he when he produced Ikonboard?

 

[Arantor]

Well, the first version of Ikonboard debuted in 1999 and I think Matt was already in his early 20s by that point (though Ikonboard was written in Perl not PHP, though the security implications are no different in practice), with Invision's first version debuting in 2002.