phat code A narrow mind has a broad tongue.







View Message

Back to Messages
subxero Sat Nov 10 2007 at 1:35 am
It's the same way with my site --
The "Click here to edit this post" link is technically available to anyone, and it's easy to spoof to edit any post, by pushing stuff into the $_POST[] array but you have to know the exact time in seconds the post was made and the IP address from which it was made, and spoof them both. Not an easy task.

So there's essentially no security risk. Also, these sites, as awesome as they are, aren't particularly high-profile. There aren't exactly a lot of hackers out there really wanting to get into Phatcode.

ALSO, agamemnus, just use PHP. Please, for the good of all of us (except the ones who are dead), use PHP instead of compiled code (from fbc) on the server. PHP is more than fast and efficient enough to do what you want it to do.

Reply to this Message


No HTML is allowed, except for <code> <b> <i> <u> in the message only.
All URLs and email addresses will automatically be converted to hyperlinks.