Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by MadHatter on Friday, February 13 @ 00:41:35 CET
http://www.bindmaker.org
I saw what you mentioned, but what I meant was, instead of using $datekey = date("F j"); so that the seed of the datekey was "February 13", doing something like:

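// ISO 8601 date and time; the literal "T" is escaped so date() does not expand it to the timezone abbreviation
$datekey = date("Y-m-d\TH:i:sO");
// hexdec() on the 32 hex digits of an md5 returns a float, not an integer
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$rand_start = rand(1,26);
$code = substr($rcode, $rand_start, 6);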

(just to comment on your original post) I already had a 512-bit site key on my site (overkill, I know, but hey) generated from all printable ASCII characters, and have replaced the original code for the gfx mapping with the above.

By "date time" I meant the actual date (which you already use in another form) and the time (hour:min:sec+tzd). (I'm using the ISO 8601 date time format for mine) so that it does not stay the same value all day, let alone between refreshes...

I'm sure Francisco had something in mind when he designed and wrote it as we now have it, but I was wondering why such a change has never been introduced? (again just curious)

--thanks
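
The trade-off behind the question in the comment above, as an added example that is not part of the original post and is not PHP-Nuke's code: when the code is recomputed at submit time rather than stored, the server has to reproduce the exact datekey used when the image was drawn, so a per-second value cannot be checked while a coarse time bucket can. The names gfx_code(), gfx_verify() and GFX_WINDOW, the 300-second window, the use of HMAC-SHA256 in place of the md5 concatenation, and all sample values are assumptions.

```php
<?php
// Added example (hypothetical helper names, constructed sample values).
const GFX_WINDOW = 300; // assumed lifetime of one time bucket, in seconds

// Derive a 6-digit code bound to the site key, the per-request number,
// the client's User-Agent and a coarse time bucket.
function gfx_code(string $sitekey, string $random_num, string $ua, int $bucket): string
{
    $mac = hash_hmac('sha256', $ua . '|' . $random_num . '|' . $bucket, $sitekey);
    // 7 hex digits always fit in a signed 32-bit integer, so hexdec() returns an int here.
    $n = hexdec(substr($mac, 0, 7)) % 1000000;
    return str_pad((string) $n, 6, '0', STR_PAD_LEFT);
}

// Recompute the code at submit time. The current and the previous bucket are
// both accepted, so a code issued just before a bucket boundary still verifies.
function gfx_verify(string $sitekey, string $random_num, string $ua, string $typed, int $now): bool
{
    $bucket = intdiv($now, GFX_WINDOW);
    foreach ([$bucket, $bucket - 1] as $b) {
        // hash_equals() compares in constant time.
        if (hash_equals(gfx_code($sitekey, $random_num, $ua, $b), $typed)) {
            return true;
        }
    }
    return false;
}

// Constructed sample values.
$sitekey    = 'constructed-site-key-for-illustration';
$random_num = '483920';
$ua         = 'Mozilla/5.0 (constructed sample)';
$issued     = 1076629295; // moment the image was generated

$code = gfx_code($sitekey, $random_num, $ua, intdiv($issued, GFX_WINDOW));

var_dump(gfx_verify($sitekey, $random_num, $ua, $code, $issued + 20));   // same bucket
var_dump(gfx_verify($sitekey, $random_num, $ua, $code, $issued + 250));  // next bucket
var_dump(gfx_verify($sitekey, $random_num, $ua, $code, $issued + 3600)); // long expired
```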

