
Cloudflare and Passwords


Ran


For those who are not aware, Cloudflare is a service that allows sites to speed up response times and cache a lot of data to save bandwidth. We have used it successfully these last years, reducing our bandwidth overhead by about half, which has helped reduce our costs.

Unfortunately, a bug in their HTML parser has, over the last six months, occasionally dumped plain text data that could include e-mail addresses, passwords, etc. to the web. My understanding is that this bug depended on certain features that they offered being turned on, but as far as I can see we did not use said features.

Besides that, the server doesn't really store your passwords -- it stores hashes made from those passwords, which in theory would take years of computer time to decrypt.

All that said, while I believe from what I've read that chances are very low that the memory collisions that led to plain text files being dumped and cached by search engines (which have since dumped those caches) have led to any compromise of security here on the forum (or the Wiki), it is generally good practice to change your password regularly, and we would recommend changing your password in the particular case that your password here is shared across other, more sensitive sites (such as Facebook and other social media, or mail servers).

We've just received word from Cloudflare that no data from Westeros.org has appeared in search engine caches related to the bug, but that they are continuing to review and will notify us should they find anything.


Archived

This topic is now archived and is closed to further replies.
