  1. #1
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Version two security under test.

    Well, I'm reworking the login code; this is vital to stop hacking attempts.

    I want to say a big thanks to LiquidSword and Surreal for finding the major flaw in Version 1. This flaw allowed anyone to log in to anyone's portal account. This has been secured; I've also added some nice form validation script to stop javascript or legal hacks.

    - Adam

  2. #2
    Fanatic Enthusiast


    Join Date
    Oct 2005
    Location
    630
    Posts
    3,221
    Ok, hope that works, because people could log on to ur account and say stuff to get u banned, which would suck. Nice job on all the work u have done on V2.

  3. #3
    Dedicated Member
    Join Date
    Aug 2005
    Location
    777
    Posts
    934
    Wow, anyone could log onto my portal account (shoked_) Oh well, it's a good thing that was found. Thanks DD. I'm hoping you get V2 up without a problem. Thanks again for all the work you put into this website.

    -stickster

  4. #4
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271
    np, it was a very harmful bug that slipped my eye; a lot of new security has been added so we should be safe.

  5. #5
    Enthusiast Surreal's Avatar

    Join Date
    Jun 2005
    Location
    Edmonton, Alberta, Canada.
    Posts
    1,723
    yes, i actually did a test and logged into a lot of people's accounts and screenshotted it. you could also log into accounts that didn't exist, for instance i logged in as "reomergl0000000"

    yeah, whack.
    but its gonna be fixed now thanks to Darkdemon! ^_^

  6. #6
    Senior Member
    Join Date
    Jun 2005
    Posts
    410
    Wow, that is creepy. Anyway, congratulations, and hope the site is up soon.

  7. #7
    Fanatic Enthusiast Gray's Avatar


    Join Date
    Jun 2005
    Location
    Merry Ol' England
    Posts
    4,919
    you could log into other people's accounts? whoa, i feel, so, un-safe. lol
    SOCIALLY AWKWARD ALAN

  8. #8
    Veteran Enthusiast Slashed's Avatar



    Join Date
    Jun 2005
    Location
    Portsmouth, UK.
    Posts
    7,587
    Quote Originally Posted by ItsAlmostSurreal
    yes, i actually did a test and logged into a lot of people's accounts and screenshotted it. you could also log into accounts that didn't exist, for instance i logged in as "reomergl0000000"

    yeah, whack.
    but its gonna be fixed now thanks to Darkdemon! ^_^
    once i accidentally did that, i logged on as S....with the same password....and it worked, i even thought my account was messed so changed the avatar on it. quite scary.

    But, sounds great that you're fixing it, no more S.

  9. #9
    Dedicated Member
    Join Date
    Oct 2005
    Location
    Bom Chicka Wha Wha
    Posts
    615
    do you mean that anyone can log on into anyone's account
    a gift from Bahamut


  10. #10
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271
    Quote Originally Posted by Qwert
    do you mean that anyone can log on into anyone's account
    That's correct, it was possible on version one. I figured it out after going over some of v1's code; it appears it was writing too many sessions from the login and not checking to see if the password was correct, even though a warning was displayed.

    In version two I have added some javascript to protect both user name and password fields from sql and php attacks. I've also rewritten the session code; it's a lot more stable.

    Although I'm carrying out further tests.

    - Adam
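
A minimal Python model of the v1 behaviour described in post #10 next to a corrected flow, added here as an illustration; it is not the portal's code. The names `login_v1`, `login_v2`, `USERS` and the sample account are assumptions, and the check runs in the server-side handler, independent of any browser-side form validation.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # Slow salted hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password: str):
    salt = os.urandom(16)
    return salt, _derive(password, salt)

# Constructed sample user store (hypothetical account, not from the thread).
USERS = {"alice": _make_record("correct horse")}

def _password_ok(username: str, password: str) -> bool:
    record = USERS.get(username)
    # Unknown users get a dummy record so both paths do the same work.
    salt, stored = record if record else (b"\x00" * 16, b"")
    candidate = _derive(password, salt)
    return record is not None and hmac.compare_digest(candidate, stored)

def login_v1(session: dict, username: str, password: str) -> str:
    """Assumed shape of the v1 flaw: session written whatever the check says."""
    session["user"] = username            # BUG: set before the result is known
    if not _password_ok(username, password):
        return "Warning: wrong user name or password"  # shown, but too late
    return "Welcome"

def login_v2(session: dict, username: str, password: str) -> str:
    """Hardened flow: the session is only written after a successful check."""
    session.clear()                       # drop any state from earlier attempts
    if not _password_ok(username, password):
        return "Warning: wrong user name or password"
    session["user"] = username
    return "Welcome"

def is_logged_in(session: dict) -> bool:
    # What the rest of the portal would consult on each request.
    return "user" in session
```
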


 