Vladimir Panteleev
What `.htaccess` file? There are currently no `.htaccess` files in this git repository.
Servers don't have `.htaccess` files, they have configuration files (usually with a `.conf` extension).

> But is it safe?

The directive instructs web browsers that web pages served with that...
Can you post a HAR from a login attempt? (Open the network console, try to log in, then right click in the request list and select "Save all as HAR")....
> Do you happen to know?

Well, since Jacob doesn't seem to have time to keep track of the activity in their project, I guess you can keep creating issues...
> This being the permanence of the random login token, which allows an attacker infinite time to generate a matching token via a rainbow table lookup or even bruteforce.

Following...
Blocked by #214. Could be ameliorated by changing the `.ini` file back to a `.php` one, but doesn't solve the larger issue, just the most urgent one.
Practically all web apps will always have a separate, non-versioned file where configuration is stored. For example:

- MediaWiki has a `LocalSettings.php`, which is intended to be created and edited...
> Remember that this version of Hashover is not ready for release, it's a development version.

Of course. That doesn't get in the way of helping make a list of...
- See also: #15