Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 Moving Hidden username & password to post_info

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
SiSL Posted - 11 April 2009 : 06:04:30
I'm curious if it would be better to move action to check hidden username and password on quickreply or message posts if done via cookie to post_info rather than leaving trail at cache as html on any topic reads.

Just brain storming. I know if someone reaches cache, it may reach cookies and such etc too, but still curious if it would be more secure than direct post for sniffers.

PS: This is not for default Snitz behaviour, just asking if modifying a behaviour would break something else.


4   L A T E S T    R E P L I E S    (Newest First)
SiSL Posted - 11 April 2009 : 14:16:10
quote:
Originally posted by ruirib

Hmmm I guess you could do that, but then you'd need to read them from the cookie...



Yes ofcourse, just change where cookie is read, instead of post form, I'll read cookie where the form is processed.
ruirib Posted - 11 April 2009 : 14:12:33
Hmmm I guess you could do that, but then you'd need to read them from the cookie...
SiSL Posted - 11 April 2009 : 14:10:33
My question was, instead of writing "input type="hidden" name="username" etc. or "input type="hidden" name="password" value=" (sha256 of pw) (say on Quick Reply) or Reply or new Topic if user logged in, would it be better to use these values at post_info, rather than posting those two and leave those values in cache html.
ruirib Posted - 11 April 2009 : 10:36:22
What is your question, sorry? Can you make it clear?

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.07 seconds. Powered By: Snitz Forums 2000 Version 3.4.07