Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 Moving Hidden username & password to post_info		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

SiSL
Average Member

Turkey
671 Posts
Posted - 11 April 2009 :  06:04:30  Show Profile  Visit SiSL's Homepage  Reply with Quote
I'm curious if it would be better to move action to check hidden username and password on quickreply or message posts if done via cookie to post_info rather than leaving trail at cache as html on any topic reads.

Just brain storming. I know if someone reaches cache, it may reach cookies and such etc too, but still curious if it would be more secure than direct post for sniffers.

PS: This is not for default Snitz behaviour, just asking if modifying a behaviour would break something else.
CHIP Online Forum

My Mods
Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager
Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Edited by - SiSL on 11 April 2009 06:06:46

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 11 April 2009 :  10:36:22  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
What is your question, sorry? Can you make it clear?

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

SiSL
Average Member

Turkey
671 Posts
Posted - 11 April 2009 :  14:10:33  Show Profile  Visit SiSL's Homepage  Reply with Quote
My question was, instead of writing "input type="hidden" name="username" etc. or "input type="hidden" name="password" value=" (sha256 of pw) (say on Quick Reply) or Reply or new Topic if user logged in, would it be better to use these values at post_info, rather than posting those two and leave those values in cache html.
CHIP Online Forum

My Mods
Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager
Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 11 April 2009 :  14:12:33  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
Hmmm I guess you could do that, but then you'd need to read them from the cookie...

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

SiSL
Average Member

Turkey
671 Posts
Posted - 11 April 2009 :  14:16:10  Show Profile  Visit SiSL's Homepage  Reply with Quote
quote:
Originally posted by ruirib

Hmmm I guess you could do that, but then you'd need to read them from the cookie...


Yes ofcourse, just change where cookie is read, instead of post form, I'll read cookie where the form is processed.
CHIP Online Forum

My Mods
Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager
Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.09 seconds. Powered By: Snitz Forums 2000 Version 3.4.07