| T O P I C R E V I E W |
| SiSL |
Posted - 11 April 2009 : 06:04:30
I'm curious if it would be better to move action to check hidden username and password on quickreply or message posts if done via cookie to post_info rather than leaving trail at cache as html on any topic reads.
Just brain storming. I know if someone reaches cache, it may reach cookies and such etc too, but still curious if it would be more secure than direct post for sniffers.
PS: This is not for default Snitz behaviour, just asking if modifying a behaviour would break something else.
|
| 4 L A T E S T R E P L I E S (Newest First) |
| SiSL |
Posted - 11 April 2009 : 14:16:10
quote:
Originally posted by ruirib
Hmmm I guess you could do that, but then you'd need to read them from the cookie...
Yes ofcourse, just change where cookie is read, instead of post form, I'll read cookie where the form is processed. |
| ruirib |
Posted - 11 April 2009 : 14:12:33
Hmmm I guess you could do that, but then you'd need to read them from the cookie... |
| SiSL |
Posted - 11 April 2009 : 14:10:33
My question was, instead of writing "input type="hidden" name="username" etc. or "input type="hidden" name="password" value=" (sha256 of pw) (say on Quick Reply) or Reply or new Topic if user logged in, would it be better to use these values at post_info, rather than posting those two and leave those values in cache html. |
| ruirib |
Posted - 11 April 2009 : 10:36:22
What is your question, sorry? Can you make it clear? |
