No announcement yet.

Search Result

2 results in 0.0060 seconds.
  • You can also choose from the popular tags.

  • vBulletin Password Handling

    vBulletin Password Handling

    Note: vBulletin Cloud sites cannot use custom password schemes at this time. The core security of your site is the User Password and how it is stored. In the beginning, vBulletin used a simple MD5 hash to represent the password. However as Floating Point Processors (i.e. GPU and ASICs) have become more powerful, this method proved to be risky and reduced security. If we significantly changed the password scheme, then users wouldn't be able to login and would need to change their passwords first. We needed a solution that was more convenient. At this point, a 3 character randomly generated salt was added to the password and it was hashed a second time. Again, technology caught up to this technique. So the salt was increased to 30 characters. Once again, technology caught up with the technique. We needed a better way to hash passwords but allow users to log in seamlessly. When PHP 5.5 was released, a new set of password hashing functions were released to help with thes...
    See more | Go to post
    Last edited by Wayne Luke; Wed 16th Jan '19, 1:17pm.

  • Using Tools.php

    Using Tools.php

    Within your vBulletin Download Package, we provide a file called tools.php, this file isn't uploaded to the server by default as it is considered to be a significant security risk. However, there are times when you need to change specific settings and aren't able to access your AdminCP directly. Uploading to the Server It is recommended that tools.php is installed in the /core/install directory. To do this, follow the steps below: Connect to your server with your favorite SFTP or SCP client. In your vBulletin package, upload the /core/install directory to your server. In your vBulletin package, find tools.php in your do_not_upload directory and upload to the /core/install directory. After Using Remove Tools.php We consider this file to be a security risk. This cannot be overstated. This file should not be stored on your server after use. It is provided as a tool of last resort. Once you have completed your tasks, you should delete it from your server. To do this, delete the /core/install/ directory. Using The Tools Point your browser to the file at /core/install/tools.php (e.g. https...
    See more | Go to post