User talk:Jore

Lock without xss
>I could hack your box through this code

Where is the code?

>md5 is not safe.

to use sha512sum.


 * Assuming I enter this as a password: "; rm -rf / & echo "foo . Your code will call  with this string as argument. So local  f=popen ( string.format('echo -n "%s"|sha512sum  ',a )) will be turned into local  f=popen ('echo -n ""; rm -rf / & echo "foo"|sha512sum  ') . What do you think will happen? ;)

Being a screenlocker isn't really awesome's job, you should use a dedicated app which does the job properly. Want more proof? If you have any clients which have their "ontop" property set, they will be shown above your screen locker and can be interacted with normally. You may use this code on your own installation (but I wouldn't recommend it), but this really doesn't belong in this wiki. Also, while sha512 helps a lot, it would be a really good idea to salt the passwords, too. --Psychon 16:03, 24 June 2010 (UTC)
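
Added example (not part of the discussion above and not the code being discussed): the quoted `string.format` pattern next to a form in which the password never enters the command string and a salt is hashed with it. The names `build_cmd_unsafe` and `hash_via_stdin`, the salt values and the sample password are constructed for illustration; the unsafe command is only built and printed, never executed.

```lua
-- Added example. build_cmd_unsafe, hash_via_stdin, the salts and the sample
-- password are hypothetical/constructed, not taken from the original code.

-- The pattern quoted above: the password becomes part of the text that
-- popen hands to /bin/sh, so quotes and ';' inside it are parsed as shell.
local function build_cmd_unsafe(password)
  return string.format('echo -n "%s"|sha512sum', password)
end

-- Hardened form: the command is constant apart from a path produced by
-- os.tmpname(); salt and password reach sha512sum over stdin as plain data.
local function hash_via_stdin(salt, password)
  local tmp = os.tmpname()
  local p = assert(io.popen("sha512sum > '" .. tmp .. "'", "w"))
  p:write(salt, password)
  p:close()                        -- waits for sha512sum to finish writing
  local f = assert(io.open(tmp, "r"))
  local line = f:read("*l") or ""
  f:close()
  os.remove(tmp)
  return line:match("^(%x+)")      -- sha512sum prints "<hex digest>  -"
end

-- Constructed input with shell metacharacters and a harmless command.
local sample = '"; echo injected; echo "'

-- Print what /bin/sh would be given by the unsafe pattern (not executed).
print(build_cmd_unsafe(sample))

-- The same input is hashed as inert bytes by the hardened form.
local digest = hash_via_stdin("constructed-salt-1", sample)
assert(digest and #digest == 128, "expected a 128-hex-digit SHA-512 digest")

-- Same salt and password give the same digest; a different salt does not.
assert(digest == hash_via_stdin("constructed-salt-1", sample))
assert(digest ~= hash_via_stdin("constructed-salt-2", sample))
print(digest)
```

In real use the salt would be generated randomly per password and stored next to the digest; the fixed strings here only keep the example reproducible.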