Search found 92 matches

by ScTech
Tue Dec 10, 2013 12:51 pm
Forum: Tutorials
Topic: member not activating in user activation
Replies: 6
Views: 3662

Re: member not activating in user activation

Line 62 looks like an empty line... It could be because of the extra } on line 61. You'll need to remove it anyways for the activation id to be valid. Also, please surround code in the syntax tags. They can be located as a button above the textbox when submitting a new post. In this case it would be ...
by ScTech
Fri Dec 06, 2013 11:30 pm
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

Re: MITM attack

Did some more research and learned that self-signed certificates unfortunately are not secure as an attacker can create a certificate of their own for your server and acquire the secret key to decrypt the data.
by ScTech
Mon Dec 02, 2013 12:29 am
Forum: Tutorials
Topic: MySQL Security
Replies: 8
Views: 4425

Re: MySQL Security

The code you posted is just using php.net's example. How do you process your login? Just one query that is vulnerable can search your entire database (depending on user permissions) however, so it may take time to spot your vulnerability. General precautions to take include: 1. Salt and hash all pas...
by ScTech
Tue Nov 26, 2013 2:00 am
Forum: General Chat
Topic: Kickstarting the activity here.
Replies: 45
Views: 18747

Re: Kickstarting the activity here.

Unfortunately any VPS that supports Java is pretty hefty in price these days. If anyone is willing to, more power to them. Just anything except Simple Auth is all I have to say... Teaching live would be cool, there are a few sites out there that let you do that for free for up to half an hour if I'm ...
by ScTech
Tue Nov 26, 2013 1:43 am
Forum: General Chat
Topic: Kickstarting the activity here.
Replies: 45
Views: 18747

Re: Kickstarting the activity here.

You can create mods in JavaScript and upload them with PocketTool? It's something that begins with pocket. You just compress them in a zip file I believe. It's been a while since I played pocket edition since there really aren't a lot of features yet. Minecarts are coming in 0.8.0 though. I'm not sur...
by ScTech
Tue Nov 26, 2013 1:37 am
Forum: General Chat
Topic: ASP.NET MVC 5 vs PHP
Replies: 7
Views: 7316

Re: ASP.NET MVC 5 vs PHP

Between the two there really isn't much difference. The only thing I noticed back when I used ASP.NET was that PHP could not do threading. Also, on larger scale projects, ASP.NET seemed to be more useful while PHP was better for performance (i.e. speed). There is no logical reason why one is better ...
by ScTech
Tue Nov 26, 2013 1:21 am
Forum: General Chat
Topic: Kickstarting the activity here.
Replies: 45
Views: 18747

Re: Kickstarting the activity here.

The site is definitely being paid for. That's a good sign in a way. We could always mess with the site and create a 500 error to see his email. Idk if he or any visitor would like it too much though. Just read through the rest of the posts and saw the popularity of Temor's Minecraft thread. Minecraft...
by ScTech
Sun Nov 24, 2013 10:11 pm
Forum: PHP
Topic: API Security Check
Replies: 2
Views: 2025

Re: API Security Check

Yea sorry about that. I tried to reduce as much as possible into functions. All but the last function should be good to skip. Granted I could be returning arrays instead of exploding some places, and that strlen() shouldn't be there in valid_api_key(), but those are minor details that I will nullify ...
by ScTech
Sun Nov 24, 2013 4:50 pm
Forum: PHP
Topic: API Security Check
Replies: 2
Views: 2025

API Security Check

Hello. Just finished my API and I would like a security check if possible. It's not completely done as of the distributing of the API key, and downloading of the data, but what I would really like feedback on is the handling of the data. I haven't installed SSL yet so there's no forcing it yet. It's...
by ScTech
Sun Nov 24, 2013 1:40 am
Forum: General Chat
Topic: Kickstarting the activity here.
Replies: 45
Views: 18747

Re: Kickstarting the activity here.

Jacek is alive :o He fixed the search.
by ScTech
Thu Nov 21, 2013 6:30 pm
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

Re: MITM attack

Took me a while to know what you meant. You mean hashing the code inside the file, then checking the code on the user's server against it? I suppose it could work but since the user updating won't have access to the updated code beforehand, the hash will have to be placed in the returned json which ...
by ScTech
Wed Nov 20, 2013 1:12 pm
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

Re: MITM attack

Thanks for the article. I guess I should start down the intended path then. I do plan to self sign or find cheaper certificates. $600~ isn't really in my budget for no source of income coming from the projects I'm working with. Even ads get cluttery and no one really wants to see them. The script is ...
by ScTech
Wed Nov 20, 2013 3:01 am
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

Re: MITM attack

The harder it is, the more fun in my opinion. Problem being that MITM attacks can intercept any private key made before it reaches my server if I understand it correctly. I may have everything the opposite way. No matter. There wouldn't be a session id that I could make on another site and routers of...
by ScTech
Tue Nov 19, 2013 10:26 pm
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

Re: MITM attack

Thanks, and yes it is very sensitive. I've been trying to work on auto updating of scripts by letting the user request my site via an API and read code via a temp file. Looks like I'll have to do more research and/or scrap the idea and make update scripts that can be downloaded at the site. Update: ...
by ScTech
Tue Nov 19, 2013 4:03 pm
Forum: Other
Topic: MITM attack
Replies: 10
Views: 3657

MITM attack

I'm not very experienced with MITM attacks so, a few questions if I may. 1. When using an API, is it required for both parties to have SSL for a MITM attack to be prevented? I believe I read somewhere that it was but I can no longer find it. 2. Follow up on number 1: If the party that is accessing t...
by ScTech
Tue Nov 05, 2013 7:05 pm
Forum: Tutorials
Topic: MySQL Security
Replies: 8
Views: 4425

Re: MySQL Security

Checking your support messages every day is a given. Multiple times a day is best. YES! Even if you're on a host that limits the number of emails being sent, there is no excuse. You can make your contact form insert the information into the database instead of mailing and read it through the backen...
by ScTech
Tue Nov 05, 2013 1:27 am
Forum: JavaScript
Topic: Smooth scrolling when a user clicks an anchor
Replies: 7
Views: 9315

Re: Smooth scrolling when a user clicks an anchor

Why the two document ready calls?
by ScTech
Sat Nov 02, 2013 9:55 pm
Forum: Tutorials
Topic: MySQL Security
Replies: 8
Views: 4425

Re: MySQL Security

Also, never EVER display SQL errors while users have access to your site. If for some crazy reason you disregard that advice, be sure to htmlentities(); your query if you display that as well (Why would one ever...?). Most importantly, check support messages several times a day. Reported a vulnerabi...
by ScTech
Sun Oct 27, 2013 1:58 am
Forum: General Chat
Topic: Kickstarting the activity here.
Replies: 45
Views: 18747

Re: Kickstarting the activity here.

He was on 11 days ago. If only he would just post something :(
by ScTech
Thu Oct 24, 2013 7:42 pm
Forum: Tutorials
Topic: MySQL Security
Replies: 8
Views: 4425

Re: MySQL Security

Thanks temor. Updated with an example of integer injection. My brain was slow yesterday.
by ScTech
Thu Oct 24, 2013 4:08 pm
Forum: General Chat
Topic: php.net hacked
Replies: 2
Views: 4620

Re: php.net hacked

Haha yes it does. I might just do the same later on. I believe they returned the file to its original contents. No word as of yet on the security breach being patched.