From: rudi carell (rudicarellHOTMAIL.COM)
Date: Tue Feb 06 2001 - 16:11:51 CST

    >Those look really funny, anyone know what algorithm is used, I suppose
    >it's the standard db2 function, but haven't tried that yet.

    .. because of the column type this is just a hexadecimal representation ..
    you can easily convert it to char ...

    > > 3) "Password-Reminders"
    >Actually these are the answers of the authentication questions, asked for
    >confirming the user's identity (which hints that the passwords may be
    >decryptable)

    ... once you got the right answer you are able to change or at least reset
    the password .. and .. that's the trick :)

    >I just confirmed that on Net.Commerce 3.1.2 and it's a really nasty bug.
    >One may query virtually any data from the db from almost any
    >macro (default & custom). I don't believe it's an error in
    >net.data.

    ... it is def. a "classic" "no-input-validation" :-) hole ...

    rc
