Quote:
Originally Posted by Cerulean
It's not the godsend you think it is, Sane. Is no one else seeing the flaw with that? You've got a direct string comparison. Anyone with a decompiler can easily change that test (from == to !=) and there you have it - no need to enter the correct password. Much less effort than trying to brute force the password or whatever. There's just no real point in pursuing this further.
If they have write access there is, of course, no security. I was thinking more from the standpoint of them potentially having read access but not write access...
--OH.