LJPrivateer: Password Issues

Dec 20, 2005 18:21

The Name
So, apparently there has been some discontent over the LJPrivateer, perhaps some of which was spurred by the name itself (a program by any other name?). Just to clarify, the name was meant as a pun: Privateer in a literal sense is simply someone (or something) that makes things private, such as LJ entries. Of course, it's funny because there is ...

Comments 8

arisrabkin December 21 2005, 01:39:52 UTC
https means that the http connection is tunneled via SSL--and therefore is decently immune to packet sniffing.


jeffspender December 21 2005, 03:15:26 UTC
Heh, you don't have to apologize about the name, I was just teasing. ;)

Thanks for the source, will definitely take a look... and then for extra assholish-cs-major points bitch about it not being in python...

iluvsheep December 21 2005, 15:54:56 UTC
Ya, I sort of figured. But then again, I could see how you and possibly others would be put off by the name and the picture (which I thought was rather cute).

I actually thought about writing it in python. The thing is that I already wrote quantum mafia in python, and this would be pretty much the same thing. I sort of wanted to learn how to write webpages in perl's cgi framework instead of writing another in python's. Also, I liked the look of perl's "LWP::UserAgent" and couldn't immediately find a nice equivalent in python (though I am sure that one has to exist).


kushali December 21 2005, 03:42:32 UTC
Cool, thanks.

I may look at unicode but I may not. I was more surprised that my journal was in unicode. I wonder what I was smoking when I set it up that way.

iluvsheep December 21 2005, 15:47:15 UTC
Actually, if you created your journal after a certain date, unicode became the default encoding for all entries unless you went into the preferences and changed it.

My main journal has everything in Western I-... something, but the new journal that I made for testing purposes had everything in unicode originally, which really messed with me for a while until I figured out what had changed.


fitek December 21 2005, 07:56:25 UTC
Without the HTTPS, you're just sending the username/password as plain text over the network. Same as telnet. Easy to sniff.

Using POST is better than GET. With GET, the password would be passed in the URL. Badness. In POST, it is inside the message sent to the server.

Here's a link on MD5: http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

Anyhow, without some sort of two-way communication, yes, you could just grab the traffic coming past and resend it yourself.

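The replay point in the comment above, as an added example that is not part of the original thread and not LJPrivateer's or LiveJournal's code: a server check that accepts a bare MD5(password) also accepts a resent copy of it, while a check bound to a single-use server challenge (the "two-way communication") rejects the resend. The names `static_login`, `ChallengeServer`, `client_response` and the sample account are assumptions made for illustration; MD5 is used only because the thread discusses it.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


# Constructed sample account: the server stores only MD5(password).
USERS = {"alice": md5_hex("correct horse")}


def static_login(user: str, sent_hash: str) -> bool:
    """One-way scheme: the client sends MD5(password) and nothing else."""
    return hmac.compare_digest(USERS.get(user, ""), sent_hash)


class ChallengeServer:
    """Two-way scheme: the server hands out a single-use nonce first."""

    def __init__(self) -> None:
        self.pending = set()

    def get_challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def login(self, user: str, challenge: str, response: str) -> bool:
        if challenge not in self.pending:
            return False  # unknown or already consumed: treat as a replay
        self.pending.discard(challenge)  # each challenge is valid once
        stored = USERS.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(md5_hex(challenge + stored), response)


def client_response(challenge: str, password: str) -> str:
    return md5_hex(challenge + md5_hex(password))


def demo() -> dict:
    static_msg = ("alice", md5_hex("correct horse"))  # as seen on the wire
    server = ChallengeServer()
    nonce = server.get_challenge()
    cr_msg = ("alice", nonce, client_response(nonce, "correct horse"))
    return {
        "static_first": static_login(*static_msg),
        "static_replay": static_login(*static_msg),  # resend is accepted
        "cr_first": server.login(*cr_msg),
        "cr_replay": server.login(*cr_msg),  # resend is rejected
    }
```

The challenge only stops resending of a captured login; the stored MD5(password) is still enough to answer a fresh challenge, so the exchange still belongs inside HTTPS.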


triath December 21 2005, 20:44:47 UTC
Sweet deal! Thanks, I'll definitely check it out later. :]

