Airtime User Accounts
  • Two issues that have been bugging me: the usernames in Airtime are case sensitive, and some characters do not work if they are used in user passwords.
    Had a few issues with users using uppercase letters in usernames that cause the invalid user / pass error.
    Also, if you use a # in your password it never logs in; there may be many more.
  • Needs a tool tip. I assumed

    most databases now have valid checks, so certain characters are not allowed

    read here http://php.net/htmlspecialchars

    and so I have a general rule:
    do not start with any of these, like & # $, and also a number, when entering a database or HTML field

    because once there is a validation check it will be ignored or converted

    Post edited by Voisses Tech at 2015-07-05 20:07:29
    Anyone reading this who finds my grammar funny: I make no apology. Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others' mistakes. Avoid making mistakes; there is not sufficient room to make them"
    "Innuendo", "If's", "Assumptions" and "Fear" are for politicians. Who, What, Where, When and How are for those seeking knowledge and who care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog (pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you, until our path or destiny bring us in tandem.
  • While I agree with that, I was a bit surprised that AT isn't coded round it to store them in the db.
    After all, without any spesh chars we can't make our passwords very strong? Am I correct in thinking that AT has no brute force password hacking protection?
  • Plus for me I found it very frustrating when AT allowed me to set such passwords for users, but found they could not connect when trying to do live shows.
    Maybe I missed something somewhere about password policies in AT?
    Either way, not a huge issue now I am aware of it. More concerned about security than anything else.
  • Don't live your life in paranoia

    Que Sera, Sera

    If you are worried about security then computers is not the right field.
    There are script kiddies all over who are titillated by making life miserable, not just be careful, but I think you misunderstood me

    The Airtime team takes security issues seriously; there is even a special thread for it https://forum.sourcefabric.org/categories/airtime-security

    and you can make it better, "If you Know something, Shout out everything"

    Now you can take some precautions like

    • Develop proper firewall policies
    • Create additional listen ports, so you accept requests from multiple ports (see icecast xml)
    • Develop load-balance and reverse proxy settings
    • Do not use common passwords like password, pass, 1234, or anything you place on social media
    • Use at least one capital letter, at least 2 numbers, one non-reserved character like (+,@,_^) and make your passwords no less than 14 characters
    • Change passwords regularly and do not reuse or use the same password on multiple sites
    • Try to eliminate/disable the use of admin or administrator, and where you have to, install fail2ban
    • Do not expose more than you can afford to lose, so do not use streaming servers as home servers to store personal information

    No combination of these guarantees you security; in fact every day people are being taught how to bypass securities, and instead of taking this and making a better system, crazy heads set out to make life miserable

    but by default the Zend Framework has a number of security features and databases are getting better.

    This along with the Airtime team should give you a level of confidence that makes you sleep like a baby

  • Paranoia is my day job :)
    No seriously it is, I am a senior systems engineer for a large UK trade association :D
    I did have a look for any AT password info but failed, I did see that area of the forum but not much in there tbh

    I have put a load of security in front of the AT server as well as nailing down the local firewall.

    Just thought it was worth mentioning as it's also a pain with regards to maintaining user accounts only to find they can't login as AT doesn't recognize the passwords even though they are correct.

    I tested a duplicate of my live system in my test lab and it didn't seem to mind me trying to brute force it. Was hoping it would lock me out for 5 minutes or something after 3 or 5 failed attempts.
    Post edited by mrkrotos at 2015-07-07 16:28:02
  • OK, so I think most of us who trained originally with Windows have a misconception that we can make all things secure and safe. I will just ASSUME (Ass of U and ME) for argument's sake that we all had our first touch of computers in the Windows world.

    Now I hear governments and countries are putting people's information in the cloud; might as well just put it on the walls of every street or dump it in a trash can.

    But always remember this: once you have anything on the internet, you either live your life in paranoia or just go take your vacation and release the stress, because you could have the world of authentication and validation and random generation, and next week someone is almost hacking at it. So if your organization's policy is "cloud it", just do not let it make you mad.

    In my days we had

    • Frame Relays
    • Site to Site and Point to Point Routers
    • Intranets and SAN (Small Area networks)
    In today's world
    it's all on the Internet, so forget privacy and security

    I once asked my partner, "Why do you like to wear my type of Briefs and Boxers?", to which the reply was, "It makes my Ass look Firm"

    The Internet is like a bikini: it looks sexy but all of you are exposed

    So no wonder the Article in today's is "Granny Panties are Back"

    Until we really realised that we all are exposed, then do not stress yourself and be paranoid; the doctor will only be eating your money for stress-related sickness like high blood pressure.


    Now on the concept of trying 3 times or more and not being locked out: I think this is the most annoying and ill-advised form of security.

    It allows DDoS, because all some sick person will do is sit there and prevent you from accessing your data.

    If you are going to have a lockout policy you must have a means of reset (which creates another issue). So should you not do anything.

    I found that having a CMS authenticate the person first, after which they are pointed to the page, is a better deterrent than a simple lockout policy,

    which helps with Jack the ripper just ripping through your authentication, like two locks.

    Many firewalls now have OS identifiers so you can determine how to allocate your traffic, and with geolocators you can add a greater level of security

    Post edited by Voisses Tech at 2015-07-08 11:09:06
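The lockout trade-off argued over in the last two posts, as an added example that is not part of any post and is not Airtime code: failed logins are counted per (username, source address) pair with a growing wait, so a "5 minutes after 3 failures" rule slows guessing from one address without locking the account owner out from another. The class name, thresholds and addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict


class LoginThrottle:
    """Delays repeated failures per (username, source address) pair."""

    def __init__(self, threshold=3, base_delay=300, max_delay=3600,
                 clock=time.monotonic):
        self.threshold = threshold          # a wait starts at this many failures
        self.base_delay = base_delay        # first wait: 5 minutes
        self.max_delay = max_delay          # waits double up to this cap
        self.clock = clock
        self._failures = defaultdict(int)   # pair -> consecutive failures
        self._blocked_until = {}            # pair -> clock value

    @staticmethod
    def _key(username, source):
        # Fold case so "DJ_Alice" and "dj_alice" share one counter.
        return (username.strip().casefold(), source)

    def retry_after(self, username, source):
        """Seconds this pair must still wait; 0 means it may try now."""
        until = self._blocked_until.get(self._key(username, source), 0)
        return max(0, until - self.clock())

    def record_failure(self, username, source):
        key = self._key(username, source)
        self._failures[key] += 1
        over = self._failures[key] - self.threshold
        if over >= 0:
            delay = min(self.base_delay * 2 ** over, self.max_delay)
            self._blocked_until[key] = self.clock() + delay
        return self.retry_after(username, source)

    def record_success(self, username, source):
        key = self._key(username, source)
        self._failures.pop(key, None)
        self._blocked_until.pop(key, None)


def demo():
    """Constructed scenario: three failures from one documentation address."""
    now = [0.0]                              # fake clock for a repeatable run
    throttle = LoginThrottle(clock=lambda: now[0])
    for _ in range(3):
        throttle.record_failure("DJ_Alice", "203.0.113.7")
    same_source = throttle.retry_after("dj_alice", "203.0.113.7")
    other_source = throttle.retry_after("dj_alice", "198.51.100.20")
    now[0] += 300                            # the 5-minute wait has passed
    return same_source, other_source, throttle.retry_after("dj_alice", "203.0.113.7")
```

Per-pair counters do nothing against guessing spread over many source addresses; that case is left to the controls in front of the server that the thread already mentions, such as the firewall and fail2ban.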