Post by John Wankel on Oct 16, 2010 19:29:18 GMT
I think I get the idea of it. Do you have a preview of the PHP in action?
Post by Cam on Oct 16, 2010 20:13:12 GMT
Yes, but I'll add colour and design to it first!
Post by John Wankel on Oct 19, 2010 7:49:32 GMT
OK! Cool! I can't wait to see it.
Post by Mark Knight Day on Oct 20, 2010 2:47:33 GMT
Goood luck!
Post by Cam on Oct 20, 2010 3:25:59 GMT
Thanks guys, will be continuing soon.
Post by John Wankel on Oct 20, 2010 8:19:43 GMT
Ohhh ok.
Post by Cam on Nov 4, 2010 8:54:21 GMT
I'm starting this up again, new name as well.
Post by ryandiamond on Nov 4, 2010 22:40:43 GMT
...what functions do you use to sanitize your data?
Post by xcessive on Nov 5, 2010 1:01:20 GMT
> ...what functions do you use to sanitize your data?

It's not like there's a huge amount of choice.... haha
Post by ryandiamond on Nov 5, 2010 2:27:57 GMT
Well, just making sure he is cleansing his data... ...and there are a lot of choices; myself, I use custom functions for this, because not one mysql_real_escape_string will do it.
Post by Cam on Nov 5, 2010 3:47:15 GMT
Just that I would say that I'm starting the coding again... now ;D
Post by xcessive on Nov 5, 2010 3:55:21 GMT
> Well, just making sure he is cleansing his data... ...and there is a lot of choices, myself, I use custom functions for this, because not one mysql_real_escape_string will do it

That's because mysql_real_escape_string is not meant to be a fix-all. Why would you reinvent the wheel? That's a very poor idea, and very prone to error. PHP has great built-in functions. The mysqlescape one is made for making data safe from SQL insertions, although it's extremely outdated. Use the mysqli library with something like mysqlobj->prepare. It's much safer. htmlspecialchars is perfect for protection against XSS. Those are the only two that Luke would really have to worry about. The only thing left is HTTP header injections, but that's a little complex and only really important for places that allow uploading. Which reminds me, you should protect Cyanima from them; I noticed you can spoof an HTTP header and inject PHP files ages ago.
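The two measures recommended in the post above, as an added example that is not code from any poster or from Cyanima: the string-built query that mysql_real_escape_string was meant to patch, beside a mysqli prepared statement, with htmlspecialchars applied when the data is rendered. The table, columns and connection details are assumptions.

```php
<?php
// Added example, not code from this thread. Assumes a `users` table with
// `id`, `name` and `bio` columns and a mysqli connection $db.

// Unsafe: user input is spliced into the SQL text. mysql_real_escape_string
// can quote it, but only if the value sits inside quotes in the query and
// the connection charset is set; forget either and injection is back.
function findUserUnsafe(mysqli $db, string $name): ?array
{
    $sql = "SELECT id, name, bio FROM users WHERE name = '" . $name . "'";
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// Safe: the SQL text is fixed and the value travels as a bound parameter,
// so the database never parses it as part of the statement.
function findUserSafe(mysqli $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, bio FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);   // 's' = one string parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// XSS is an output problem: escape at render time, after the data comes
// back from the database, not when it is stored.
function renderBio(array $user): string
{
    $name = htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
    $bio  = htmlspecialchars($user['bio'],  ENT_QUOTES, 'UTF-8');
    return "<h2>{$name}</h2><p>{$bio}</p>";
}

$db = new mysqli('localhost', 'app', 'secret', 'site');  // assumed credentials
$db->set_charset('utf8mb4');  // also what makes any escaping charset-correct
$user = findUserSafe($db, $_GET['name'] ?? '');
echo $user ? renderBio($user) : 'No such user.';
```

findUserUnsafe is kept only to show the shape of query the advice is warning against; the request path uses findUserSafe.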
Post by ryandiamond on Nov 5, 2010 4:03:19 GMT
What is an HTTP header injection?
And my own custom functions protect from all hacking attempts.
Post by Cam on Nov 5, 2010 4:05:06 GMT
Use this link: tinyurl.com/2v3p4pr (sorry had to do that, I love Let me google that for you ;D )
Post by ryandiamond on Nov 5, 2010 4:07:35 GMT
I know what it is, I just don't see "where" the vuln is.
Post by xcessive on Nov 5, 2010 4:09:42 GMT
> What is a http header injection? And My own custom functions protect from all hacking attempts.

Then how come I have the path name to your server's authorization folder?

EDIT - My point is made, removed server data - Don't worry, no-one can actually hack this unless they use another trick to get a password and de-encrypt it, which would take hours. I suggest you do better file extension checking and clean up your headers. I didn't even need to do an insertion to get this. I just viewed the raw log file.
Post by Cam on Nov 5, 2010 4:23:44 GMT
You guys are raiding my thread. I'll make a new thread, as I will be looking for helpers etc.