phatcode.net / forum / view message

View Message

subxero Sat Nov 10 2007 at 1:35 am
It's the same way with my site --

The "Click here to edit this post" link is technically available to anyone, and it's easy to spoof to edit any post, by pushing stuff into the $_POST[] array but you have to know the exact time in seconds the post was made and the IP address from which it was made, and spoof them both. Not an easy task.

So there's essentially no security risk. Also, these sites, as awesome as they are, aren't particularly high-profile. There aren't exactly a lot of hackers out there really wanting to get into Phatcode.

ALSO, agamemnus, just use PHP. Please, for the good of all of us (except the ones who are dead), use PHP instead of compiled code (from fbc) on the server. PHP is more than fast and efficient enough to do what you want it to do.

security risk with session ids and current server setup - agamemnus (Fri Nov 9 2007 at 12:20 pm)

yes that should work - Plasma (Fri Nov 9 2007 at 6:45 pm)
- someone sending a link to do something - agamemnus (Fri Nov 9 2007 at 8:50 pm)
  - and how would that someone get your session id? * - Plasma (Fri Nov 9 2007 at 10:04 pm)
    - It's the same way with my site -- - subxero (Sat Nov 10 2007 at 1:35 am)
      - Actually using FB as CGI *is* kinda cool .. - Marcade (Sat Nov 10 2007 at 7:06 am)
        I'll agree, it's neat-o, but a bit overkill for simple web apps. - subxero (Sat Nov 10 2007 at 4:44 pm)
        that may be true BUT... - agamemnus (Sat Nov 10 2007 at 5:08 pm)
        .. I think you will find out eventually .. - Marcade (Sat Nov 10 2007 at 5:40 pm)
        =D * - agamemnus (Sun Nov 11 2007 at 11:28 am)

Reply to this Message

Name
Subject

Message



No HTML is allowed, except for <code> <b> <i> <u> in the message only. All URLs and email addresses will automatically be converted to hyperlinks.

Forum

View Message

Reply to this Message