Comments:
<0> the url http://www.host41.com/orbno/?mod=hello
<0> its very odd, i dont think its the webhost it must be cause its late and im dizzy lol, i pasted the line im doing everything right?
<1> are you including mod?
<0> when I take the or die... off the include line it works fine :|
<1> jesus christ dude.
<1> Dont make me smack you.
<0> why?
<0> you see it?
<0> lol
<1> Does the word 'security' mean a thing to you?
<0> not atm
<0> im getting a concept script atm
<0> and what is so bad about my script lol
<1> Whats your script have to do with an automatic teller machine?
<0> ?
<1> I didnt think they used php on atms
<2> myconid: worse: microsoft
<1> itrebal: my atm had a windows update flashing up the other day..
<2> gawd...
<2> i'm so glad i dont use those :)
<1> looked like windows 2000
<1> diebold atm
<2> yea, its Windows 2000 ATM Edition
<1> is there really an atm edition?
<0> myconid, there isnt really security problems its has removeslashes :|
<2> myconid: yea :P
<1> surfdue: ... that doesnt matter.. its absolutely horribly retarded to include a file like that.
<2> myconid: whats he doing?
<0> how do you suggest i do it?
<1> itrebal: include($_GET[something]); basically
<0> itrebal: include('includes/' . $mod . '.mod.php') or die('There is no such module named: ' . $mod); ??
<1> (where $mod = $_GET[mod])
<0> $mod is going through stripslashes ? lol.
<1> surfdue: do *NOT* ever, for any reason, do that.
<0> why!
<0> lol
<1> Its insecure as hell.
<0> show me how to do it then
<1> make index.php
<1> page1.php
<1> page2.php
<0> ya?
<3> what's the difference between "number of visits/pages/hitsS" ?
<1> on index.php, insert <a href="page1.php">this is page 1</a>
<3> I get pages, i get hits, but visits?
<3> isn't visits and hits the same thing?
<2> "ejwoxihsadf'j"ZX" - me falling asleep on my keyboard
<1> tek_: ... whats that have to do with php?
<0> myconid that doesnt do what i need it to do.
<2> tek_: i guess the difference could be different people, or different hits period
<1> surfdue: What you are doing is extremely Newbesque programming.. and VERY dangerous.
<2> well, i'm off to bed
<4> myconid: i love that term
<0> myconid how is it insecure?
<1> thx.
<0> strip slashes disallows them to change dirs?
<1> surfdue: your ****ing including a file in a website that I p***ed via url.
<0> it only takes from includes folder
<1> not to mention its ugly
<1> and unprofessional
<1> and ugoly
<5> surfdue: does stripslashes strip unicode as well?
<0> so no one is seeing it
<1> CryWolf: no..
<0> not sure crywolf
<0> well how do i make it secure huh myconid?
<4> myconid: hes making a point :)
<1> surfdue: ya know how tonya harding had her knees smashed in before the olympics?
<0> ..
<1> your tonya harding.. and including off a url like that is you getting smashed in the knees.
<4> haha
<1> we need a faq about bad website design
<1> though arguably I did it once too.
<1> a long long time ago
<1> but at least I used an array
<1> and validated input
<6> tonya harding did the knee smashing btw
<1> fleckz: whatever.. what comes around goes around
<6> lol
<4> myconid: i do something similar to it, i generate an array and then see if its in the array, if it is, i use the array's value
<5> surfdue: check to see if $_GET['mod'] is one of a number of predefined values. If it's an exact match, go ahead and include it.
<1> itrebal_sleep: I still think its a pretty poor way to do things (in general).. I suppose there might be a good reason for it
<4> myconid: depends how its applied.... alright, really, this time, i'm going to bed
<1> lates.
<0> is_file('includes/' . $mod . '.inc.php')
<1> please.. for the love of god.. stop talking.
<1> your making it worse.
<0> crywolf so is_file('includes/' . $mod . '.inc.php') is adequate?
<5> surfdue: no.
<0> technically yes? because it checks the exact folder for the exact filename.
<0> that is secure..
<5> surfdue: no, it doesn't.
<0> ok so it doesnt do what it says.
<1> surfdue: repeat after me.. never trust the input from a user.
<0> itrebal thats the code in panelone it must not be secure ;)
<1> surfdue: you can make an array of keywords to websites..
<1> but dont do it directly.
<1> whatever panelone is..
<5> surfdue: you'd be amazed how many scripts are utterly insecure.
<1> but i wouldnt doubt it is insecure.
<4> surfdue: the code i wrote in panelone *was* secure, then it was screwed around with
<0> myconid, first of all this variable wont be viewed, it will be hidden in a series of html pages, using .htaccess
<0> ..
<0> ;)
<5> surfdue: it will be viewed.
<0> well whatever well just see if someone hacks us..
<1> awesome security policy.
<1> thats like not wearing leather until you crash your motorcycle..
<5> you need to put a disclaimer up for all your customers that you have a reactive security policy.
<1> Dont encrypt your creditcards either
<1> might as well make it easy to get all your info at one time
<4> in fact, store them in a flatfile DB in the web-root
<4> search them with client-side javascript
<1> called creditcards.inc.php
<1> hahahahahah
<7> better creditcard.inc
<1> A fairly decent sized ecom site around here runs off an access database
<1> w/ php
<1> they do over 10mil/month in sales
<4> myconid: lol, i came back 'cause at the time i forgot to turn off my 'highlight' script where you say my name, it beeps through my speekers wtill i react :(
<4> except... spelled right
<4> night
<0> first of all the even if they got out of the includes dir, the file has to have the extension .mod.php for them to hack it.
<0> lol
<1> surfdue: if you say so
<1> I need a local dennies
<8> yuck
<8> you definitely don't
<7> how many of you uses strip_tags when going to mysql and knowing that html tags are not needed?
<9> I have a question... I'm trying to write a perl regular expression, but it's not working. I want it to match any string with letters/numbers that is of the length {1,28}
<9> i wrote "/([:alnum:]){1,28}/"
<9> can somebody help me?
<1> 1 or 28?
<1> What is orbno?
<1> sounds like a dotbomb to me
<10> [:alnum:] doesn't work in preg
<10> [a-zA-Z0-9]
<9> Dragnslcr: what should i use then? (a-zA-Z0-9)?
<9> ahh
<1> Dragnslcr: that woulda saved me some time if I knew that
<9> haha you got me
<9> thanks
<10> \w would also work if you want to include _
<9> Dragnslcr: thanks buddy, you're a life saver
<11> how can you make a combo box post data into a mysql table?
<11> hi RainMkr...thankyou for the help you gave me the other day...it helped out a lot