Navigation

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Popular
    • Tags
    • Users
    • Groups
    1. Home
    2. lulzdev
    • Profile
    • Following
    • Followers
    • Topics
    • Posts
    • Best
    • Groups

    lulzdev

    @lulzdev

    Sometimes i have to try to wake up: but nodebb isnt a dream, its real!

    10
    Reputation
    57
    Posts
    840
    Profile views
    0
    Followers
    0
    Following
    Joined Last Online

    lulzdev Follow

    Posts made by lulzdev

    • RE: Maximum password length: DOS Potential

      Appreciate the responses.
      If login is where the potential lies, then CAPTCHA would certainly take care of it.

      posted in Technical Support
      lulzdev
    • RE: Maximum password length: DOS Potential

      That is not a bad idea. My concerns lie in the creation of an account where it has you make a password.

      I barely know what I am talking about, buy in theory 1 very large string could cause some performance issues on the server end. Whether that be from encrypting, storing, or pulling the password.

      I have seen 14 gig notepad documents with just strings of characters for Brute forcing, so I suppose the same could be used for initiating a Denial of Service.

      posted in Technical Support
      lulzdev
    • Maximum password length: DOS Potential

      An excerpt from: http://www.tomsguide.com/us/django-long-password-security,news-17557.html

      "A double-edged sword

      In the case of a brute-force attack, the attacker is trying to gain access to the system. But the developer found that if the attackers are just trying to mess things up, they could go to Django's login page and repeatedly submit hundreds of extremely long "junk" passwords of thousands of characters or more.

      Having to check all these junk passwords against the stored cryptographic hashes puts a heavy strain on Django's system and eventually overtaxes it.

      The result is essentially a denial-of-service attack, which is when attackers bombard a server with website hits or other requests that, when combined, eventually bring the server offline.

      There haven't been any known attacks that used this method. Nevertheless, Django has since patched this vulnerability by setting a limit on password length: 4096 bytes, or around 4,096 of the characters found on a keyboard. The updated version is available on Django's website. So what's the takeaway? Users should keep using long passwords. Developers, however, should be aware that strong password security could become a double-edged sword."

      Going through the admin options and realized that there is not an option for a maximum password length.

      I have seen, previously, this feature having its purpose questioned (https://github.com/NodeBB/NodeBB/issues/261), indicating it used to be a thing.. however it does not appear to be now. Does anybody know why?

      julianlam created this issue in NodeBB/NodeBB

      closed Remove maximum password length restriction #261

      posted in Technical Support
      lulzdev
    • RE: Lost all my data ? Help please

      I second this. A keyword based community Wiki would be a great idea. A process like configuring or securing redis is definitely something everyone should know, and being able to locate it, without work from other users is a good idea, that will educate many, and inconvenience few, as there will be there duplicate posts and questions.

      posted in Technical Support
      lulzdev
    • Unread-count subcategory indications

      Hello all,

      Simple question; did not see it posted yet.
      How can one incorporate an unread-count, indicating the count for a specific subcategory? For instance, the Announcements category, or a subcategory within.

      I have created a new navigation option, directing to a subcategory, but I would like to have an unread count appear on that option, but I need it to only show how many are unread in the specific section. I played around in the admin panel, to no avail, and any assistance would be greatly appreciated.

      Thank you.

      posted in Technical Support
      lulzdev
    • RE: [slush-nodebb-plugin] NodeBB New Plugin Generator - Request for feedback

      Hmm, was it CSS in the custom section then?(rather than making template changes instead?) I remember someone talking about causing slowdowns in that custom section.

      posted in NodeBB Plugins
      lulzdev
    • RE: [slush-nodebb-plugin] NodeBB New Plugin Generator - Request for feedback

      @pitaj
      It was my understanding that that was a method that reduces the speed of your site. A reduction in speed that could be mitigated by using plugins.

      posted in NodeBB Plugins
      lulzdev
    • RE: [slush-nodebb-plugin] NodeBB New Plugin Generator - Request for feedback

      many javascripts would require a custom plugin to use with Nodebb, the more plugins you use the more expensive developing becomes. One that comes to mind offhand is the javascript meme generator. Just trying to understand the new hotness everyone is happy about. 🙂

      posted in NodeBB Plugins
      lulzdev
    • RE: [slush-nodebb-plugin] NodeBB New Plugin Generator - Request for feedback

      Any chances of this new tool being able to wire up javascripts to work with nodebb? 😮

      Opening up easy access to javascripts directly as nodebb plugins, rather than secondary installs, would be a giant leap forward.

      posted in NodeBB Plugins
      lulzdev
    • RE: Wikipedia

      lulz 😘

      posted in General Discussion
      lulzdev