Let's take the emphasis away from the website for a moment and look at how the internet itself works.
The Internet is a huge web of interconnected servers all over the world, hence why it is called the world wide web.
When you establish a connection with an Internet Browser to a website, that connection is not direct to server, it is in fact indirect via many different servers.
When information is sent across the internet, the route it takes is governed by the fastest route, and not the most direct route.
IE. It may be quicker for information you send from say Bristol to London to go via several servers in an in-direct route via Manchester, Scotland, York, Cardiff, Exeter, Plymouth, Portsmouth and so on.
Any information you send goes through all these servers and is therefore visible.
It is possible that any information you send can be intercepted en-route on one or more of these servers.
The use of an SSL secured and encrypted connection with any website, means that the information that is sent across the web is encrypted using a 128-bit algorithim and therefore cannot be 'seen' as it passed from server to server.
Therefore any forum website that you enter a password into, dependant on where in the world it is, could have that information bouncing of hundreds of servers before it reaches its destination.
So, back to this forum and the discussion on passwords.
As far as I am concerned, I'm not worried about entering my password into this forum, or any forums that I am a member with, as I use different passwords for different forums and the email address they are all associated with is what I call my junk email address. I use several email address for different Internet related activities, such as forums, ordering goods, internet banking, etc.
Taking into account the amount of servers that the information is sent via before it reaches EOS, worrying about how the password is stored I think is a bit on the paranoid side, don't you agree? How do you think criminals are caught who download illegally, as the information they are downloading passes through various servers, which also store the IP address of that persons PC. That's also how PC's are attacked on the Internet, beacuse every time you connect, the world can see your PC.
This goes for all other discussion based forums, how many use a 128-bit SSL encryption method for their log in procedure? I've never seen one, and I've been using the Internet since before it's birth, when it was called usenet and BBS when we logged into servers to use their open Bulletin Boards, the ancestors of forums. And back then we used acoustic couplers to connect direct to the server we wanted to use, as modems didn't exist.
And if we want to go on credentials and what we do, or used to do, I'm 41 and have been in the IT sector, in one form or another, since I was 16, and started programming on a Sinclair ZX81 whilst still in School, and used Teletypes when at college to programme machines that would take up the space of small kitchens
I'm not saying I know everything, but I know a lot and have probably forgotten more than most people will ever really understand when it comes to IT.
Cor! I feel really old now!
Pointless worrying about passwords on forums when you think about everything I have said, don't you agree?
This message was last edited by TechNoApe on 26/08/2009.