[QUOTE=Sharpshooter;31678223][url]http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/[/url][/QUOTE]
'the right way', yet he uses ext/mysql, doesn't use the HMAC variant of hash functions, repeats code all over the place and uses two separate keys in $_SESSION - one for userid and one for valid.
I would like to provide a counter argument but I can honestly say I have no idea what you're talking about! Is it at least a decent method of creating a login system?
So really, the final question for me, should I use salt for login systems or SHA512 is enough?
[QUOTE=Crhem van der B;31684867]So really, the final question for me, should I use salt for login systems or SHA512 is enough?[/QUOTE]
you should use bcrypt with a unique salt for each user
[editline]12th August 2011[/editline]
or DES. DES is cool.
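As an added example (my code, not code from the linked article or from anyone in this thread), this is what "bcrypt with a unique salt for each user" looks like with PHP's password_* API (PHP 5.5 or later). password_hash() draws a fresh random salt on every call and stores it inside the returned string, so no separate salt column is needed. The function and constant names are mine.

```php
<?php
// Added example (not code from the linked article or from anyone in this
// thread): bcrypt password storage with PHP's password_* API (PHP >= 5.5).
// password_hash() draws a fresh random salt for every call and stores it
// inside the returned string, so each user gets a unique salt without a
// separate salt column. The function and constant names here are mine.

const BCRYPT_COST = 12; // work factor; raise it as hardware gets faster

// Registration / password change: returns the 60-character
// "$2y$12$<22-char salt><31-char hash>" string to store for the user.
function hash_password(string $password): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Login: $storedHash is the value from the user's database row.
// password_verify() parses the cost and salt out of that string and compares
// in constant time, so the caller never touches the salt. If the stored hash
// was made with a lower cost than BCRYPT_COST, $rehash receives a fresh hash
// to write back (upgrade on login); otherwise it is left null.
function check_password(string $password, string $storedHash, ?string &$rehash = null): bool
{
    $rehash = null;
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $rehash = hash_password($password);
    }
    return true;
}

// Demo with constructed users; no database involved.
$h1 = hash_password('correct horse battery staple');
$h2 = hash_password('correct horse battery staple');
var_dump($h1 !== $h2);                                         // true: different salt each call
var_dump(check_password('correct horse battery staple', $h1)); // true
var_dump(check_password('Correct horse battery staple', $h1)); // false

// A row hashed earlier at cost 10 still verifies and comes back with an upgraded hash.
$legacy = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 10]);
if (check_password('hunter2', $legacy, $newHash) && $newHash !== null) {
    echo "store this instead of the old hash: $newHash\n";
}
```

Two things to keep in mind when wiring this into a real users table: the stored string is 60 characters, so the column needs at least that, and bcrypt only looks at the first 72 bytes of the password, so a length cap on registration is reasonable. The cost is the whole point of bcrypt over a bare SHA-512: it is what makes each guess expensive for an attacker who has the table.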
[img]http://i.imgur.com/xCJdk.png[/img]
I'm gonna be rich I can feel it
[editline]12th August 2011[/editline]
Shut up it's minimalist
Took a peek at the source code to Gazelle, the engine that powers what.cd, broadcasthe.net and a bunch of other popular linux distro trackers.
[b]Every[/b] single page is like this.
[img]http://i.imgur.com/uFzN1.png[/img]
That's literally all the code that is on /anything.php.
Here's an excerpt classes/script_start.php. This is what actually dispatches the requests:
[img]http://i.imgur.com/CJoDW.png[/img]
[i]whyyyy???[/i]
Coming up with a design for my web dev/computer site...
I can't think of what to put in the little space below the site name.
Ideas?
[thumb]http://dl.dropbox.com/u/36965208/test.jpg[/thumb]
[QUOTE=SataniX;31688639]Coming up with a design for my web dev/computer site...
I can't think of what to put in the little space below the site name.
Ideas?
[thumb]http://dl.dropbox.com/u/36965208/test.jpg[/thumb][/QUOTE]
I don't like it :(
Diavlo isn't the right font for the rest of your layout, and I wouldn't really use it for a site of this nature anyway
Also, the grey decoration thingy is too cluttered and busy, it would look pretty nice if it was more simple
So you think I should use a different font for everything except the logo?
And make the background pattern larger? Or simpler?
[QUOTE=SataniX;31689167]So you think I should use a different font for everything except the logo?
And make the background pattern larger? Or simpler?[/QUOTE]
I just don't like the font in general, but I suppose it would be okay for just the logo. I think you should make the pattern have less lines
Also, if you want to have the line separating the navigation from the rest of the site, have the navigation thingies all in a straight line rather than in that shape
What's with the alternating menu font size?
[QUOTE=Jelly;31691670]What's with the alternating menu font size?[/QUOTE]
I think it's meant to look like the item in the middle is at the front and then the items on either side are behind it and so on
[url]http://mc.braxnet.org/upload/info.php?file=cjnp2n.jpg[/url]
Some inline file info, tell me if it can be exploited.
Nothing you can really do with this, but I'm not sure you intended for this:
[url]http://mc.braxnet.org/upload/info.php?file=.htaccess[/url]
[url]http://mc.braxnet.org/upload/info.php?file=./[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../f/[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../upload/info.php[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../upload/upload.php[/url]
Etc...
[QUOTE=yngndrw;31695232]Nothing you can really do with this, but I'm not sure you intended for this:
[url]http://mc.braxnet.org/upload/info.php?file=.htaccess[/url]
[url]http://mc.braxnet.org/upload/info.php?file=./[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../f/[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../upload/info.php[/url]
[url]http://mc.braxnet.org/upload/info.php?file=../upload/upload.php[/url]
Etc...[/QUOTE]
don't allow the first character to be a dot :v:
Oh yeah right forgot that you could place it anywhere.
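Since the probes above are all about walking the `file=` parameter out of the upload directory (`../`, `./`, dotfiles), here is an added example of how an info.php-style handler can resolve that parameter safely. It is my code, not the script behind mc.braxnet.org (whose source is not in the thread); the upload directory layout and the allowed filename shape are assumptions.

```php
<?php
// Added example, not the script behind mc.braxnet.org (its source is not in
// the thread): a hardened resolver for an "info.php?file=..." parameter that
// only ever serves a file sitting directly inside one upload directory.

// Returns the absolute path of the requested upload, or null when the request
// must be refused. Two independent checks: the name must match the shape the
// uploader hands out (assumed here: alphanumeric plus an image extension), and
// the resolved path must still be a regular file directly under $uploadDir
// after realpath() has collapsed "..", "./" and symlinks.
function resolve_upload(string $uploadDir, string $requested): ?string
{
    if (!preg_match('/\A[A-Za-z0-9]{1,32}\.(jpe?g|png|gif)\z/', $requested)) {
        return null; // rejects "../", "./", ".htaccess" and any separator in one go
    }
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . '/' . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (dirname($path) !== $base || !is_file($path)) {
        return null; // escaped the directory, or is a directory/special file
    }
    return $path;
}

// Demo against a throwaway upload directory holding two constructed files.
$dir = sys_get_temp_dir() . '/upload_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/cjnp2n.jpg", "\xFF\xD8\xFF\xE0"); // JPEG header stub, not a real image
file_put_contents("$dir/.htaccess", "deny from all\n");

// The same probes that were posted in the thread, plus one that starts valid.
$probes = ['cjnp2n.jpg', '.htaccess', './', '../f/', '../upload/info.php',
           'cjnp2n.jpg/../../etc/passwd'];
foreach ($probes as $p) {
    $r = resolve_upload($dir, $p);
    printf("%-30s => %s\n", $p, $r === null ? 'refused' : 'serve ' . $r);
}

unlink("$dir/cjnp2n.jpg");
unlink("$dir/.htaccess");
rmdir($dir);
```

Only `cjnp2n.jpg` resolves; everything else is refused by the filename pattern before the filesystem is touched. The realpath()/dirname() check is there for the day someone loosens the pattern: even if a `..` or a symlink slips past the regex, a path that does not resolve to a regular file directly under the upload directory is still refused. That is the general fix for the "block a leading dot" idea, which, as noted above, misses `../` anywhere else in the string.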
[QUOTE=Giraffen93;31692119][url]http://mc.braxnet.org/upload/info.php?file=cjnp2n.jpg[/url]
Some inline file info, tell me if it can be exploited.[/QUOTE]
[url]http://mc.braxnet.org/upload/info.php?file=jd1vqv.jpg[/url]
[editline]13th August 2011[/editline]
also i made this, it is quite useful: [url]http://charlie.bz/albumart.rhtml[/url]
[QUOTE=tanraga;31703267][url]http://mc.braxnet.org/upload/info.php?file=jd1vqv.jpg[/url]
[editline]13th August 2011[/editline]
also i made this, it is quite useful: [url]http://charlie.bz/albumart.rhtml[/url][/QUOTE]
[url]http://charlie.bz/albumart.rhtml?artist=Maroon+5&album=Songs+About+Jane[/url]
Holy shit it works
Going to try to finish up Gradstr and get it somewhat working next week, so hopefully I'll have something nice to post :v:
[QUOTE=tanraga;31703267]also i made this, it is quite useful: [url]http://charlie.bz/albumart.rhtml[/url][/QUOTE]
[url]http://charlie.bz/albumart.rhtml?artist=Greenday&album=%22[/url]
Yeah I know it's not directly exploitable, but you should make it display some grotesque image if someone tries to do that. :v:
[QUOTE=EJay;31706462][url]http://charlie.bz/albumart.rhtml?artist=Greenday&album=%22[/url]
Yeah I know it's not directly exploitable, but you should make it display some grotesque image if someone tries to do that. :v:[/QUOTE]
it's not exploitable at all, that's just lastfm's api giving a 400 bad request
[QUOTE=taragna;31706552]it's not exploitable at all, that's just lastfm's api giving a 400 bad request[/QUOTE]
Why did tanraga just get banned?
[editline]13th August 2011[/editline]
Get on IRC fuck.
[QUOTE=EJay;31706584]Why did tanraga just get banned?
[editline]13th August 2011[/editline]
Get on IRC fuck.[/QUOTE]
exploiting the forums, same with me :(
[QUOTE=EJay;31706584]Get on IRC fuck.[/QUOTE]
i am on irc
[editline]13th August 2011[/editline]
just not yours
[QUOTE]* charlie :End of /WHO list.[/QUOTE]
You're not in #rwc.
[editline]13th August 2011[/editline]
[QUOTE=taragna;31706595]just not yours[/QUOTE]
Exactly.
[thumb]http://horobox.co.uk/u/Reag_1313288703.png[/thumb]
Spent way too much time on this, still needs editing in some parts.
[QUOTE=EDDY TT;31712720][thumb]http://horobox.co.uk/u/Reag_1313288703.png[/thumb]
Spent way too much time on this, still needs editing in some parts.[/QUOTE]
That looks awesome, and awesome that you're using xenForo.
[QUOTE=tanraga;31703267][url]http://mc.braxnet.org/upload/info.php?file=jd1vqv.jpg[/url]
[editline]13th August 2011[/editline]
also i made this, it is quite useful: [url]http://charlie.bz/albumart.rhtml[/url][/QUOTE]
Oh you sly bastard, exif xss :v:
[QUOTE=EDDY TT;31712720][thumb]http://horobox.co.uk/u/Reag_1313288703.png[/thumb]
Spent way too much time on this, still needs editing in some parts.[/QUOTE]
That's... a lot of brown. Looks a bit dull, I think.
[QUOTE=Giraffen93;31713348]Oh you sly bastard, exif xss :v:[/QUOTE]
strip_tags() is not the right way to deal with it, use htmlspecialchars()
[editline]14th August 2011[/editline]
[QUOTE=Giraffen93;31713348]Oh you sly bastard, exif xss :v:[/QUOTE]
You should also be escaping [b]everything[/b], even if you know they're only going to be numbers. Escaping everything is a good habit to get into, and the view engines in some web frameworks (Rails' ERB, Erubis, and Razor in ASP.NET MVC) actually force you to unescape if you need to output html, rather than the other way round.
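As an added example (my code, not the album-art page's or anyone else's in this thread), the following shows concretely why strip_tags() is the wrong tool for attacker-controlled EXIF text and what htmlspecialchars() with ENT_QUOTES does with the same values. The EXIF fields are constructed inline rather than read from an image with exif_read_data(), and the field names are the standard ones an attacker can set with any EXIF editor.

```php
<?php
// Added example, not the album-art page's code or anyone else's in this
// thread: why strip_tags() leaves EXIF-based XSS intact in an attribute
// context and what htmlspecialchars() does with the same input. The EXIF
// values below are constructed, not read from an image with exif_read_data().

$exif = [
    // no '<' at all, so strip_tags() has nothing to remove
    'ImageDescription' => '" onmouseover="alert(document.cookie)',
    // the case strip_tags() does handle
    'Artist'           => '<script>alert(1)</script>',
    // a legitimate value that strip_tags() treats as containing a tag
    'UserComment'      => 'shutter 1/250<1/60, ISO 800>400',
];

// Drops one field into the two places an info page would plausibly print it:
// inside an attribute and as element text.
function render(string $value, callable $escape): string
{
    $v = $escape($value);
    return '<img src="x.jpg" title="' . $v . '"> <span>' . $v . '</span>';
}

$escapers = [
    'strip_tags()'       => 'strip_tags',
    'htmlspecialchars()' => function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    },
];

foreach ($exif as $field => $value) {
    echo $field, "\n";
    foreach ($escapers as $name => $fn) {
        printf("  %-19s %s\n", $name, render($value, $fn));
    }
}
```

For ImageDescription the strip_tags() line comes out as `<img src="x.jpg" title="" onmouseover="alert(document.cookie)">`: the quote closes the title attribute early and the rest becomes a live event handler, because there was never a tag to strip. htmlspecialchars() turns the quotes into `&quot;` and the value stays inside the attribute. Artist is the one case strip_tags() catches, and UserComment shows the other problem with it: everything between the `<` and the `>` is thrown away even though it was never markup. That is why escaping at output time is the habit to build, and since htmlspecialchars() is a no-op on plain digits, there is no cost to applying it to values you believe are only numbers.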