Bona Fide OS Development
http://forums.osdever.net/

Forum PW's...
http://forums.osdever.net/viewtopic.php?f=15&t=163
Page 3 of 3

Author:  ctimko [ Wed Feb 02, 2011 12:44 am ]
Post subject:  Re: Forum PW's...

Not true...I DMZ'd my system to listen for a while and Comcast uses Hubs here, which explains why its soo slow and shoddy. Hubs mean that all packets are being forwarded to all destinations. If you use any public free wifi you are at risk for password. You can get a free SSL Cert from Comodo. It expires every 90days, but its well worth it :-D

Author:  ctimko [ Wed Feb 02, 2011 12:59 am ]
Post subject:  Re: Forum PW's...

JamieGBH435 wrote:
If you can see 2 lines of php code here then this hack didn't work, otherwise if you see the word "LOL" anywhere on the page then the hack worked via php injection
";echo "lol";
';echo "lol;
and the reply post routine needs looking at


Jamie,

Nearly all web-technologies protect against PHP injections, because well, that's easy. You would have to be using bad PHP development techniques to have PHP Injections work...like building the datastructs prior to running it through the PHP engine, or using a PHP page to generate a PHP page...You should only ever use PHP to generate an xHTML page, never a actual dynamic response. The important one is SQL injections, which phpBB sanitizes pretty well..there are a few very obfuscated SQL attacks that still can be done, but they require a LOT of time to figure out the intricacies of this server (what character sets PHP supports versus the HTTP daemon versus the DBMS).

Author:  brenden [ Mon Aug 22, 2011 12:43 pm ]
Post subject:  Re: Forum PW's...

I guess the only problem with SSL is setting up a dedicated IP for the server. I can add an IP for like $1/mo up to like 6 IPs. Is this something worth doing still?

Page 3 of 3 All times are UTC - 6 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/