Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by MadHatter on Thursday, February 12 @ 22:06:24 CET
http://www.bindmaker.org
Here's a stupid question, just because I'm curious as to why you did this the way you did it (and I think I know why, but want to hear the actual reason).

Why not get a date/time value to add to the salt, and/or use a random value between 1-26 for the substring block of the code?

I know there are 7 ways from Sunday that you could implement a security code (including getting a longer code to type in as well as using the ASCII value of the random numbers to print out or use all printable ASCII characters), but I just wanted to know the methodology in why you implemented what you have (great job btw ;)



Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by inkydink1234 on Friday, February 13 @ 07:32:08 CET
You say "Please ensure you understand how the code works, because your explanation is not correct"

As usual, your 'holier than thou' attitude keeps you from seeing facts that don't agree with your perception of the world.

Look at the code yourself, Paul, because mt_rand is called EVERY time PRIOR to gfx being called. It is one of the value pairs that are passed TO gfx. That is why selecting refresh 100 times produces 100 different values. That makes the value of sitekey much less relevant.

And as to your question "With that said, what have you done to help improve the security holes and issues in the PHP-Nuke community?", here again, you seem to think that you hold the keys to the kingdom and to the pulse of the community. Yes, your site is large and does a good work. But, there are many who do much and contribute much to that work behind the scenes and don't seek the glory and ego trip that you do. Even on your own 'staff'. There are many other support sites out there too, and together they form a support ring. But none dare challenge the great and awful 'Oz' of nukedom. You would do much more for the community if you would quit purporting yourself to be the self-acclaimed security and nuke god.

