who needs social life when you have broadband?

Inventas vitam iuvat excoluisse per artes / Let us improve life through science and art.

Archive for January, 2008

How to add CAPTCHA to Joomla!’s com_contact component

The Dev team has just released Joomla! 1.5 stable. This is great news (after two and a half years of development we can finally use the new baby in a production environment), but I’ve seen that an old problem hasn’t been solved yet: people still get a lot of spam because com_contact has a weak (or nonexistent) mechanism to check whether the e-mails sent through it come from real people or from spambots.

The beauty of open source is that anyone can change and improve a piece of software. So, here’s my $0.02: changing com_contact so that it works with your favorite Captcha plugin! (all files are downloadable at the end of this article)


Improve Magento’s security with salted passwords

Long time without new posts in my English blog :) sorry about that guys. I’ve been busy with the Portuguese blog (which gives me more feedback than this one…)

Last week I discovered Magento. This is the best open-source eCommerce software I’ve seen so far. Unfortunately I haven’t seen too much activity by the core team (three days and no commits in the SVN repository, and no one tested my suggestions to the code..). I guess it must be the holidays.

Anyways, the beauty of open source is collaboration. So I started doing my part and implemented salted passwords in Magento.

Why?

We all know that Rainbow Tables are getting bigger and bigger every day, and while studying Magento’s code I realised that passwords were being stored as a plain md5() hash, with no salt. An unsalted md5 of a common password can be reversed with a simple lookup, and since every user with the same password gets the same hash, one table cracks them all. That can be quite dangerous, especially for ecommerce software :).

In a couple of hours I came up with this simple solution to implement salted passwords without touching Magento’s Core package (although you will need to change the database, so PLEASE!! I’M BEGGING YOU TO CREATE A BACKUP BEFORE TRYING THIS!)

Here is the README file:

Salted Passwords in Magento
---------------------------

This is a hack. There are no guarantees that your system will remain working smoothly :P

Install
-------

1 - Make sure you change the size of your password field, because the salted value (32-character md5 hash, a colon, and the salt) no longer fits the old column. You may run something like this in MySQL:

ALTER TABLE `admin_user` CHANGE `password` `password` VARCHAR(60);

2 - Sign in to the Magento admin (this is important because you’ll need to create a new user to start using salted passwords)

3 - Untar/unzip this file in your Magento root folder (all files will be placed under the /community/ directory, so you won’t lose anything if it doesn’t work)

4 - Create a new Magento user and give it administrator privileges (your current user won’t be able to log in anymore unless you change its password)

FAQ
---

Q - I cannot log in anymore!
A - I TOLD YOU TO LOG IN BEFORE UNZIPPING. You cannot log in because the existing users still have unsalted passwords and the new authentication method only accepts salted ones. Here’s a workaround for this problem:

- Go to your phpMyAdmin (or any other software you use to manage your MySQL database)
- Browse the admin_user table
- Set your user’s password field to: 5cf88201ea7be9037b934ec850c01a89:pQEuqfwbpJ
- Your new password is “changeMe” (without quotes)
- Log in and change your password back to the old one.

Now that you’ve read the README file, you are ready to download and try salted passwords for Magento 0.7.1800.

Download it here and let me know if it worked for you as well as it worked for me :D
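To make the scheme from the README concrete, here is an added PHP example (not the code from the download, and not Magento’s own API) that stores passwords in the same `hash:salt` layout used by the workaround above. It assumes the salt is prepended to the password before hashing, which the post does not state, and it goes one step beyond the hack by still accepting the old unsalted md5 format, so existing admin users would not be locked out during migration.

```php
<?php
// Added example: salted md5 in the "hash:salt" layout described in the post.
// Assumption: salt . password is what gets hashed (the post does not say).

// Generate a random alphanumeric salt; random_int() is CSPRNG-backed (PHP 7+).
function generateSalt(int $length = 10): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $salt;
}

// Produce the value to store in admin_user.password: "<md5 hex>:<salt>".
// 32 + 1 + 10 = 43 characters, which is why the column grows to VARCHAR(60).
function hashPassword(string $password, ?string $salt = null): string
{
    $salt = $salt ?? generateSalt();
    return md5($salt . $password) . ':' . $salt;
}

// Verify a login attempt against the stored value. A legacy row (plain md5,
// no ':') is still accepted, so old users can log in and then be re-hashed;
// hash_equals() keeps the comparison constant-time.
function validatePassword(string $password, string $stored): bool
{
    if (strpos($stored, ':') === false) {
        return hash_equals($stored, md5($password));          // legacy, unsalted
    }
    [$hash, $salt] = explode(':', $stored, 2);
    return hash_equals($hash, md5($salt . $password));        // salted
}

// Demo: two users with the same password get different stored values,
// so a single precomputed table no longer cracks both.
$a = hashPassword('changeMe');
$b = hashPassword('changeMe');
var_dump($a !== $b);                              // bool(true)
var_dump(validatePassword('changeMe', $a));       // bool(true)
var_dump(validatePassword('wrongPass', $a));      // bool(false)
var_dump(validatePassword('changeMe', md5('changeMe'))); // bool(true), legacy row
```

If the stored value validates via the legacy branch, the natural follow-up is to call hashPassword() with the freshly entered password and update the row, so each user is migrated on their next login instead of being locked out.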
