Major Lottery Post security upgrade

Topic closed. 35 replies. Last post 8 years ago by Romancandle.

Todd's avatar - Cylon 200.jpg
Thread Starter
50
Chief Bottle Washer
New Jersey
United States
Member #1
May 31, 2000
26445 Posts
Offline

OK, so today Lottery Post had a big security upgrade. It is something I have literally been working on for months, and today I finally made the cutover to the new security system.

This upgrade was extremely important, in the following respects:

  1. It enforces stricter passwords that are case-sensitive, and for the security-conscious can now be up to 200 characters in length. These types of passwords are great if you use a password manager (for example, LastPass) that generates random passwords for the websites where you maintain accounts. (For the record, everyone should be using a password manager like LastPass.)
  2. I have gotten rid of the ability to send yourself a password reminder, and instead I have changed the "forgotten password" feature to a change password feature. That means that it is now impossible for anyone to get a hold of your password, even if they gain access to your e-mail inbox. They can still change your Lottery Post password if they have access to your inbox (and know your LP Username), but they cannot discover the password that you used.
  3. Most importantly, I have changed the Lottery Post server so that it uses one of the computer industry's best-possible hashing algorithms — called Bcrypt — to store password hashes. Lottery Post maintains very tight security protocols, but even if someone were to find a way to hack into the Lottery Post database and steal the entire user database, there would be no way to pull out or reconstruct the passwords. If I used an older hashing scheme to store the passwords it would be possible for a hacker to use programs to work out the passwords, but not so with the hashing in place now.

A major security upgrade like this is a very large, complex undertaking, and is a project I have been very carefully working on for months. When implementing new security, there are no second chances — everything needs to go well on the first shot. So I was probably more nervous about this upgrade than anything I have done in years.

I have never had, nor do I foresee, the Lottery Post database being hacked, but then again I'm sure most of the other companies that have suffered security breaches felt that way before the intrusion. I would rather not see Lottery Post among the Web sites that had their passwords hacked, so this upgrade was entirely a proactive move on my part.

After installing the upgrades this afternoon, many of you experienced an issue with log in failing. That's because your account was not yet converted over to the new security system. (See If you can't log in, please read this, posted today at 2:11 pm Eastern Time.) At this point all the active memberships are converted over, and the system is finishing converting the rest. It will be completely finished this evening.

The security upgrades also reach into the Chat system, and I have even beefed up the security there. As someone using Chat, you'd never know the difference, but from the system's perspective it is much, much harder for a hacker to breach or exploit.

If you are interested in learning more about password security, I'd suggest Googling password salting and hashing.

Other updates

While the new security system was the biggest upgrade, there were a number of other minor things that were included in today's upgrade.

  • The VTracs Results page now separates the Illinois My3 results from the regular Pick 3 results, and the My3 VTracs history is now available by clicking on the game name on the VTracs results page.
  • There is now built-in support for Windows 8.1 start screen live tiles. If you pin Lottery Post to the Windows 8.1 start screen, you will get news updates right on your start screen. I also created support and graphics for all the new tile sizes. (Windows 8.1 will be available for Windows 8 users to download in the coming months. It will be a free upgrade from Microsoft.)
  • The new spell checker that replaced the now-defunct Google spell checker was part of this upgrade, but I was able to install it two days ago rather than waiting until today.
  • I upgraded to the latest release of jQuery, as I always try to do when performing a big upgrade. jQuery is part of the code that makes up each page, so new releases often help fix bugs and increase performance in various areas.
  • I upgraded the mobile device detection to include the latest mobile devices and browsers, which helps when you browse Lottery Post using anything other than a desktop computer.
  • A ton of other minor wording changes, tweaks, etc. Many of these minor changes have been finished for a while, but sitting around waiting for today's upgrade to install. Again, many of these will go unnoticed by most people, but they improve the overall quality of the site.

I am happy and relieved to finally get this upgrade out of the way. If you experience any problems, just drop me a note and let me know.
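
An added sketch (not Lottery Post's code, which the post does not show) of the two server-side changes described in items 2 and 3 above: salted, work-factor password hashing, and a "forgotten password" flow that can only set a new password. PBKDF2-HMAC-SHA256 from the Python standard library stands in for Bcrypt here; the record format, `ITERATIONS`, `RESET_TTL` and the `ResetTokens` class are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAX_PASSWORD_LEN = 200   # length limit stated in the post
ITERATIONS = 100_000     # assumed work factor for this sketch
RESET_TTL = 15 * 60      # assumed reset-link lifetime, in seconds


def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$digest' using a fresh random salt."""
    if not 0 < len(password) <= MAX_PASSWORD_LEN:
        raise ValueError("password length out of range")
    salt = secrets.token_bytes(16)  # per-account salt: equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), dk.hex()])


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    _scheme, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was created with a lower cost than the current one."""
    return int(record.split("$")[1]) < iterations


class ResetTokens:
    """Reset flow: the server never sends, or is able to send, the old password."""

    def __init__(self):
        self._pending = {}  # username -> (sha256 of token, expiry time)

    def issue(self, username, now):
        token = secrets.token_urlsafe(32)  # goes into the e-mailed link
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, now + RESET_TTL)  # only the hash is kept
        return token

    def redeem(self, username, token, new_password, users, now):
        # pop() makes the token single-use; a wrong guess also burns it.
        entry = self._pending.pop(username, None)
        if entry is None:
            return False
        digest, expires = entry
        presented = hashlib.sha256(token.encode()).digest()
        if now > expires or not hmac.compare_digest(digest, presented):
            return False
        users[username] = hash_password(new_password)
        return True


if __name__ == "__main__":
    users = {"alice": hash_password("Correct-Horse-9")}   # constructed sample account
    print(verify_password("Correct-Horse-9", users["alice"]))   # exact case required
    print(verify_password("correct-horse-9", users["alice"]))
    resets = ResetTokens()
    link_token = resets.issue("alice", now=0)
    print(resets.redeem("alice", link_token, "New-Pass-1", users, now=60))
    print(resets.redeem("alice", link_token, "Again-2", users, now=61))
```

With Bcrypt itself, most implementations use only the first 72 bytes of the input, which is worth checking when passwords of up to 200 characters are accepted.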

    konane's avatar - wallace
    Atlanta, GA
    United States
    Member #1265
    March 13, 2003
    6694 Posts
    Offline

    Thank you for all your hard work to make Lottery Post the epic site it's always been, and for keeping LP members info secure. Smile

    Have fun and the best of luck to everyone! Sun Smiley

      Win$500Quick's avatar - Lottery-050.jpg
      You play to win the game!
      Florida
      United States
      Member #77813
      August 1, 2009
      6592 Posts
      Offline

      Thank you for all your hard work to make Lottery Post the epic site it's always been, and for keeping LP members info secure. Smile

      I Agree!

        hearsetrax's avatar - alien on_computer.jpg

        United States
        Member #52343
        May 21, 2007
        3394 Posts
        Offline

        +1

          Avatar

          United States
          Member #94612
          July 24, 2010
          4735 Posts
          Offline

          WOW! Not only are you leading the way in making sure this is the best site out there - you take the time to SHARE everything with us so our experience can be the best possible. THANKS

            Avatar
            * In hot pursuit of $ *
            White Shores- California
            United States
            Member #136471
            December 12, 2012
            6741 Posts
            Offline

            Anyone with half a brain can see that you take enormous pride in your creation Todd, it goes without saying that you put in the time and effort to see it grow. This is not lost on us who visit this site and gain a certain level of satisfaction knowing that the Chief Bottle Washer is in the trenches at all times.
            As Tina Turner once sang "You Simply the best".. Thanks a lot.

              STORM's avatar - Rean
              Ga Fl Sc Nc 1010* 348 396* 444
              United States
              Member #57920
              January 23, 2008
              9669 Posts
              Offline

              B-R-I-L-L-I-A-N-T... *Much Appreciation*

              STAY HUMBLE!!

              There's ONLY 1 STORM/U.N.V.ME!! Yes Nod 622*  901  189  214  689**  2576 0165*  8109  1111*   Special 534  768  107


                United States
                Member #116263
                September 7, 2011
                20244 Posts
                Offline

                Awesome work. Thumbs Up

                  Nikkicute's avatar - wi lotto3.jpg
                  Wisconsin
                  United States
                  Member #123284
                  February 17, 2012
                  4486 Posts
                  Offline

                  Thank You!!!Smiley

                    Avatar
                    Ohio
                    United States
                    Member #114634
                    August 4, 2011
                    6229 Posts
                    Online

                    Thank You Todd!! ahh even though i don't understand anything right now due to amsterdam and grey goose....but i get the gist of it and will read it later...i'm celebrating early for my birthday next week.....

                    Guaranteed to Show! 1407 2636 1719 9904 5418 7162 8138 4224 6958 1602 9040 7336 3639 0294 4115 7406 1831 9027 2512 0155 8428 5273 2440 6137 2898 7191 3467 8350 5686 9663 0095 7267 1662 7735 7938 7788 9811 9917 4247 1933 0986 2367 3703 1570 7157 0264 3844 1071 7226 1592 

                      Totem's Angel's avatar - kanji for_peace.jpg
                      Stone Mountain
                      United States
                      Member #1198
                      February 26, 2003
                      1137 Posts
                      Offline

                      Awesome!  Thanks, Todd!  :-)

                      Life is Good!  Be Blessed...~Totem's Angel~ Blue Angel

                        Astekblue's avatar - Tarlor
                        Kentucky
                        United States
                        Member #35085
                        March 12, 2006
                        10374 Posts
                        Offline

                        Well Done Todd Hurray!

                        I can see where that would be a big relief to get all that done White Bounce

                        Thanks

                          jarasan's avatar - new patrick.gif
                          Harbinger
                          Maryland
                          United States
                          Member #44102
                          July 30, 2006
                          6286 Posts
                          Offline

                          Just think hashing used to be a breakfast thing!!!!!!!!

                          Thanks Todd.

                          Hyper

                            rdgrnr's avatar - walt
                            100
                            The Hall Of The Mountain Kings
                            United States
                            Member #73902
                            April 28, 2009
                            14960 Posts
                            Online

                            Thanks for all your hard work, Todd.

                            It's appreciated.

                              Avatar
                              MO
                              United States
                              Member #106923
                              February 27, 2011
                              927 Posts
                              Offline

                              Thank you soooooooo much!!!!!! Thumbs Up