686 posts
  • Has been part of the Envato Community for over 3 years
  • Has referred 10+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 1+ items on Envato Market
+3 more
ZtarrZound says

Good stuff.

177 posts
  • Has been part of the Envato Community for over 3 years
  • Has referred 10+ members
  • Has sold $5,000+ on Envato Market
  • Has collected 50+ items on Envato Market
+1 more
xdkd says

https when? I can’t believe such important site still does not have https.

2188 posts
  • Located in Europe
  • Made it to the Authors' Hall of Fame
  • Had an item featured on Envato Market
  • Participated in a focus group or interview to improve the user experience on Envato Market
+10 more
revaxarts says

https when? I can’t believe such important site still does not have https.

+1

754 posts
  • Has referred 10+ members
  • Has sold $5,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Pulled off some great moustache to raise money or awareness for Movember Australia
+4 more
EliIsakov says

Good to know :)

8377 posts Community Moderator
  • Has referred 10+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 50+ items on Envato Market
  • Attended one of our Meetups around the world
+9 more
MSFX Moderator says

ah I was wondering why I was logged out :)

3437 posts
  • Has sold $5,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 4 years
+1 more
organicbee says

it was logging me out when I was switching between marketplaces(its not anymore) just a heads up if anyone else was having the issue

3787 posts Community Moderator
  • Helps us moderate the forums
  • Contributed a tutorial on Tuts+
  • Located in Netherlands
  • Made it to the Authors' Hall of Fame
+9 more
Joost Moderator says

oo how do you track that? edit: ah. pulled apart _fd_sesion – hmm wonder if chrome syncs cookies between computers? * end random babbling *

Seems like an edge for cookiethieves :o Then again, I don’t really see the brute-force issue to begin with. As long as the server implements a delay of say 1 or 0.5 second per login attempt (which is hardly noticable for a legitimate user), that would cause as much as a 7 character password to be quite infeasible to crack. Can anyone enlighten me? Or it a parallel request attack that makes this feasible regardless of the millions of required requests? Or would that cause an effect similar to a DDoS and backfire on the attackers?


ah I was wondering why I was logged out :)

Same :P It’s for a good cause though :)

3310 posts
  • Provided great contribution to our forums
  • Nominated Community Superstar of the month
  • Helps us moderate the forums
  • Has been part of the Envato Community for over 5 years
+18 more
dtbaker Moderator says

Then again, I don’t really see the brute-force issue to begin with. As long as the server implements a delay of say 1 or 0.5 second per login attempt (which is hardly noticable for a legitimate user)

when you get a bot farm set on cracking a password with brute force, a delay might not do much. you can still fire off multiple requests at once, just have to wait slightly longer for the response.

if there are 10,000 current password guesses getting fired at the server, then the server has to keep those 10,000 requests open while the delay runs. it wouldn’t really achieve anything with the delay other than putting more load on the server. your question actually fired me off for a half hour googling session about the different types of server limits when talking about concurrent connections, quite interesting stuff!

I have put delays on login failures in my little php scripts in the past. Not sure why, never really researched it. Don’t bother any more with it as we have recaptcha and the like :)


Or would that cause an effect similar to a DDoS and backfire on the attackers?

haha probably. set bot farm to crack password. oh noes the datacentre is now off the grid.

3310 posts
  • Provided great contribution to our forums
  • Nominated Community Superstar of the month
  • Helps us moderate the forums
  • Has been part of the Envato Community for over 5 years
+18 more
dtbaker Moderator says

@chendo while ur at it, is it hard to make the “Logout” button kill the users session on ALL marketplaces? not just the one they click logout on?

392 posts
  • Has referred 10+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Contributed a free file of the month
+2 more
starbugsound says

Signing in is so much more comfortable now… Although it is reasonable that it makes things a little safer, but it was sometimes really painful to enter all those captures thousand times a day ;-)

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by