Search found 92 matches
- Tue Dec 10, 2013 12:51 pm
- Forum: Tutorials
- Topic: member not activating in user activation
- Replies: 6
- Views: 3662
Re: member not activating in user activation
Line 62 looks like an empty line...It could be because of the extra } on line 61. You'll need to remove it anyways for the activation id to be valid. Also, please surround code in the syntax tags. They can be located as a button above the textbox when submitting a new post. In this case it would be ...
- Fri Dec 06, 2013 11:30 pm
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
Re: MITM attack
Did some more research and learned that self-signed certificates unfortunately are not secure as an attacker can create a certificate of their own for your server and acquire the secret key to decrypt the data.
- Mon Dec 02, 2013 12:29 am
- Forum: Tutorials
- Topic: MySQL Security
- Replies: 8
- Views: 4425
Re: MySQL Security
The code you posted is just using php.net's example. How do you process your login? Just one query that is vulnerable can search your entire database (depending on user permissions) however, so it may take time to spot your vulnerability. General precautions to take include: 1. Salt and hash all pas...
- Tue Nov 26, 2013 2:00 am
- Forum: General Chat
- Topic: Kickstarting the activity here.
- Replies: 45
- Views: 18747
Re: Kickstarting the activity here.
Unfortunately any VPS that supports Java is pretty hefty in price these days. If anyone is willing to, more power to them Just anything except Simple Auth is all I have to say... Teaching live would be cool, there are a few sites out there that let you do that for free for up to half an hour if I'm ...
- Tue Nov 26, 2013 1:43 am
- Forum: General Chat
- Topic: Kickstarting the activity here.
- Replies: 45
- Views: 18747
Re: Kickstarting the activity here.
You can create mods in JavaScript and upload them with PocketTool? It's something that begins with pocket You just compress them in a zip file I believe. It's been a while since I played pocket edition since there really aren't a lot of features yet. Minecarts are coming in 0.8.0 though. I'm not sur...
- Tue Nov 26, 2013 1:37 am
- Forum: General Chat
- Topic: ASP.NET MVC 5 vs PHP
- Replies: 7
- Views: 7316
Re: ASP.NET MVC 5 vs PHP
Between the two there really isn't much difference. The only thing I noticed back when I used ASP.NET was that PHP could not do threading. Also, on larger scale projects, ASP.NET seemed to be more useful while PHP was better for performance (i.e. speed). There is no logical reason why one is better ...
- Tue Nov 26, 2013 1:21 am
- Forum: General Chat
- Topic: Kickstarting the activity here.
- Replies: 45
- Views: 18747
Re: Kickstarting the activity here.
The site is definitely being paid for. That's a good sign in a way. We could always mess with the site and create a 500 error to see his email idk if he or any visitor would like it too much though. Just read through the rest of the posts and saw the popularity of Temor's minecraft thread. Minecraft...
- Sun Nov 24, 2013 10:11 pm
- Forum: PHP
- Topic: API Security Check
- Replies: 2
- Views: 2025
Re: API Security Check
Yea sorry about that. I tried to reduce as much as possible into functions. All but the last fuction should be good to skip. Granted I could be returning arrays instead of exploding some places, and that strlen() shouldn't be there in valid_api_key(), but those are minor details that I will nullify ...
- Sun Nov 24, 2013 4:50 pm
- Forum: PHP
- Topic: API Security Check
- Replies: 2
- Views: 2025
API Security Check
Hello. Just finished my API and I would like a security check if possible. It's not completely done as of the distributing of the API key, and downloading of the data, but what I would really like feedback on is the handling of the data. I haven't installed SSL yet so there's no forcing it yet. It's...
- Sun Nov 24, 2013 1:40 am
- Forum: General Chat
- Topic: Kickstarting the activity here.
- Replies: 45
- Views: 18747
Re: Kickstarting the activity here.
Jacek is alive He fixed the search.
- Thu Nov 21, 2013 6:30 pm
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
Re: MITM attack
Took me a while to know what you meant You mean hashing the code inside the file, then checking the code on the user's server against it? I suppose it could work but since the user updating won't have access to the updated code before hand, the hash will have to be placed in the returned json which ...
- Wed Nov 20, 2013 1:12 pm
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
Re: MITM attack
Thanks for the article I guess I should start down the intended path then. I do plan to self sign or find cheaper certificates. $600~ isn't really in my budget for no source of income coming from the projects I'm working with. Even ads get cluttery and no one really wants to see them. The script is ...
- Wed Nov 20, 2013 3:01 am
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
Re: MITM attack
The harder it is, the more fun in my opinion Problem being that MTIM attacks can intercept any private key made before it reaches my server if I understand it correctly. I may have everything the opposite way. No matter. There wouldn't be a session id that I could make on another site and routers of...
- Tue Nov 19, 2013 10:26 pm
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
Re: MITM attack
Thanks, and yes it is very sensitive. I've been trying to work on auto updating of scripts by letting the user request my site via an API and read code via a temp file. Looks like I'll have to do more research and/or scrap the idea and make update scripts that can be downloaded at the site. Update: ...
- Tue Nov 19, 2013 4:03 pm
- Forum: Other
- Topic: MITM attack
- Replies: 10
- Views: 3657
MITM attack
I'm not very experienced with MITM attacks so, a few questions if I may. 1. When using an API, is it required for both parties to have SSL for a MITM attack to be prevented? I believe I read somewhere that it was but I can no longer find it. 2. Follow up on number 1: If the party that is accessing t...
- Tue Nov 05, 2013 7:05 pm
- Forum: Tutorials
- Topic: MySQL Security
- Replies: 8
- Views: 4425
Re: MySQL Security
Checking your support messages every day is a given. Multiple times a day is best. YES! Even if you're on a host that limits the number of emails being sent, there is no excuse. You can make your contact form insert the information into the database instead of mailing and read it through the backen...
- Tue Nov 05, 2013 1:27 am
- Forum: JavaScript
- Topic: Smooth scrolling when a user clicks an anchor
- Replies: 7
- Views: 9315
Re: Smooth scrolling when a user clicks an anchor
Why the two document ready calls?
- Sat Nov 02, 2013 9:55 pm
- Forum: Tutorials
- Topic: MySQL Security
- Replies: 8
- Views: 4425
Re: MySQL Security
Also, never EVER display SQL errors while users have access to your site. If for some crazy reason you disregard that advice, be sure to htmlentities(); your query if you display that as well (Why would one ever...?). Most importantly, check support messages several times a day. Reported a vulnerabi...
- Sun Oct 27, 2013 1:58 am
- Forum: General Chat
- Topic: Kickstarting the activity here.
- Replies: 45
- Views: 18747
Re: Kickstarting the activity here.
He was on 11 days ago. If only he would just post something
- Thu Oct 24, 2013 7:42 pm
- Forum: Tutorials
- Topic: MySQL Security
- Replies: 8
- Views: 4425
Re: MySQL Security
Thanks temor. Updated with an example of integer injection. My brain was slow yesterday.
- Thu Oct 24, 2013 4:08 pm
- Forum: General Chat
- Topic: php.net hacked
- Replies: 2
- Views: 4620
Re: php.net hacked
Haha yes it does. I might just do the same later on. I believe they returned the file to its original contents. No word as of yet on the security breach being patched.