Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
About
Team
Rules
Stats
Status
Sitemap
Chat
Downloads
Forum
News
Our Projects
Major Community Projects
Recent Posts
Unread Posts
Replies
Tools
SourceCoder3
Other Things...
Omnimaga Radio
TI-83 Plus ASM File Unsquisher
Z80 Conversion Tools
IES TI File Editor
Free RAM areas
Comprehensive Getkeyr table
URL Shortener
Online Axe Tilemap Editor
Help
Contact Us
Change Request
Report Issue/Bug
Team
Articles
Members
View the memberlist
Search For Members
Buddies
Login
Register
Omnimaga
»
Forum
»
General Discussion
»
Technology and Development
»
Web Programming and Design
»
Feature Requests
« previous
next »
Print
Pages: [
1
]
2
Go Down
Author
Topic: Feature Requests (Read 4722 times)
0 Members and 2 Guests are viewing this topic.
rivereye
LV8
Addict (Next: 1000)
Posts: 996
Rating: +0/-0
Feature Requests
«
on:
December 10, 2006, 03:19:00 pm »
Things you would like to see in Rivereye CMS? Post about it here.
Logged
>(<')
DJ Omnimaga
Clacualters are teh gr33t
CoT Emeritus
LV15
Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder
Feature Requests
«
Reply #1 on:
December 10, 2006, 03:40:00 pm »
make sure to make it secure first before adding features
Logged
elfprince13
Guest
Feature Requests
«
Reply #2 on:
December 10, 2006, 04:04:00 pm »
'tis quite secure at the moment from what Ive tested.
Logged
DJ Omnimaga
Clacualters are teh gr33t
CoT Emeritus
LV15
Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder
Feature Requests
«
Reply #3 on:
December 10, 2006, 04:19:00 pm »
yeah usually this is when there is features being added that we need to be more careful
Logged
rivereye
LV8
Addict (Next: 1000)
Posts: 996
Rating: +0/-0
Feature Requests
«
Reply #4 on:
December 11, 2006, 02:38:00 am »
yeah, please, whenever something gets added, test the security of it.
Logged
>(<')
DJ Omnimaga
Clacualters are teh gr33t
CoT Emeritus
LV15
Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder
Feature Requests
«
Reply #5 on:
December 11, 2006, 02:43:00 am »
how would u do that tho? o.o
sorry but i don't know really how to hack :wacko:
(j/k but you get the idea
)
Logged
rivereye
LV8
Addict (Next: 1000)
Posts: 996
Rating: +0/-0
Feature Requests
«
Reply #6 on:
December 11, 2006, 05:11:00 am »
yeah, that is something I should learn on how to do also. Maybe elfprince13 can go through the stuff he does for us so A. I can fight it early, and B. I can test it also, as can more of us.
Logged
>(<')
KermMartian
Editor
LV7
Elite (Next: 700)
Posts: 500
Rating: +233/-20
Feature Requests
«
Reply #7 on:
December 11, 2006, 06:52:00 am »
I'll do the standard Type 0/1/2 XSS, SQLI, etc testing on it for you.
Logged
DJ Omnimaga
Clacualters are teh gr33t
CoT Emeritus
LV15
Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder
Feature Requests
«
Reply #8 on:
December 12, 2006, 03:10:00 am »
wtf is that kerm? :gah:
Logged
elfprince13
Guest
Feature Requests
«
Reply #9 on:
December 12, 2006, 05:32:00 pm »
kk,
here's the routine:
JSI (pretty much impossible with the setup I explained to rivereye)
SQLI (pretty much impossible assuming he cleans properly--riv: I gave you my cleaning function right?)
XSS: pretty much impossible with what he has now, this will be the biggy to keep an eye on.
Logged
KermMartian
Editor
LV7
Elite (Next: 700)
Posts: 500
Rating: +233/-20
Feature Requests
«
Reply #10 on:
December 13, 2006, 04:11:00 am »
QuoteBegin-xlibman+12 Dec, 2006, 9:1-->
QUOTE
(xlibman @ 12 Dec, 2006, 9:10)
wtf is that kerm? :gah:
XSS = Cross-Site Scripting
SQLI = [My]SQL Injection
JSI = Javascript Injection
Logged
DJ Omnimaga
Clacualters are teh gr33t
CoT Emeritus
LV15
Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder
Feature Requests
«
Reply #11 on:
December 13, 2006, 04:37:00 am »
QuoteBegin-KermMartian+13 Dec, 2006, 10:11-->
QUOTE
(KermMartian @ 13 Dec, 2006, 10:11)
QuoteBegin-xlibman+12 Dec, 2006, 9:1-->
QUOTE
(xlibman @ 12 Dec, 2006, 9:10)
wtf is that kerm? :gah:
XSS = Cross-Site Scripting
SQLI = [My]SQL Injection
JSI = Javascript Injection
wtf is that kerm? :gah:
Logged
rivereye
LV8
Addict (Next: 1000)
Posts: 996
Rating: +0/-0
Feature Requests
«
Reply #12 on:
December 13, 2006, 10:49:00 am »
elf, I don't think I have that stuff from you. Also, you are more than free to look at the source (and if any one else wants it, things could probably worked out in some way or another).
Logged
>(<')
KermMartian
Editor
LV7
Elite (Next: 700)
Posts: 500
Rating: +233/-20
Feature Requests
«
Reply #13 on:
December 14, 2006, 08:41:00 am »
QuoteBegin-xlibman+13 Dec, 2006, 10:37-->
QUOTE
(xlibman @ 13 Dec, 2006, 10:37)
QuoteBegin-KermMartian+13 Dec, 2006, 10:11-->
QUOTE
(KermMartian @ 13 Dec, 2006, 10:11)
QuoteBegin-xlibman+12 Dec, 2006, 9:1-->
QUOTE
(xlibman @ 12 Dec, 2006, 9:10)
wtf is that kerm? :gah:
XSS = Cross-Site Scripting
SQLI = [My]SQL Injection
JSI = Javascript Injection
wtf is that kerm? :gah:
It makes bad stuff happen to the server and database.
Logged
elfprince13
Guest
Feature Requests
«
Reply #14 on:
December 14, 2006, 01:39:00 pm »
QuoteBegin-KermMartian+14 Dec, 2006, 14:41-->
QUOTE
(KermMartian @ 14 Dec, 2006, 14:41)
QuoteBegin-xlibman+13 Dec, 2006, 10:37-->
QUOTE
(xlibman @ 13 Dec, 2006, 10:37)
QuoteBegin-KermMartian+13 Dec, 2006, 10:11-->
QUOTE
(KermMartian @ 13 Dec, 2006, 10:11)
QuoteBegin-xlibman+12 Dec, 2006, 9:1-->
QUOTE
(xlibman @ 12 Dec, 2006, 9:10)
wtf is that kerm? :gah:
XSS = Cross-Site Scripting
SQLI = [My]SQL Injection
JSI = Javascript Injection
wtf is that kerm? :gah:
It makes bad stuff happen to the server and database.
here's a summary of some general hacking techniques (without instructions...primarily for website defacements, but remote code execution can be a problem as well):
XSS allows hackers to insert their own code into a webpage, this comes in a huge variety of forms, forums, and any sort of messaging system tends to be vulnerable.
SQL injections allows hackers to manipulate the database at will and occasionally even execute arbitrary code on the server.
Javascript Injections are typically used for cookie stealing in conjunction with XSS, or for escalation of permissions.
other bad things that can happen:
using upload forms to overwrite files.
using download forms to view sourcecode that shouldn't be viewed.
----------------------
@rivereye: here's the code you need that will remove the risk of SQL injections entirely, you should also call strip_tags() on any data that there is any chance of ever being displayed.
c1
-->
CODE
ec1 // mysql_query() wrapper. takes two arguments. first
Logged
Print
Pages: [
1
]
2
Go Up
« previous
next »
Omnimaga
»
Forum
»
General Discussion
»
Technology and Development
»
Web Programming and Design
»
Feature Requests