Author Topic: Security Enhancement, Keys For Actions  (Read 837 times)
David
Re:Security Enhancement, Keys For Actions
« Reply #15 on: March 21, 2003, 04:26:52 AM »

Quote from: Jack.R.Abbit on March 21, 2003, 04:24:28 AM
I guess since you won't always have a username for the person requesting the action (maybe never) you can't really do much.  So if the "Key already exists" error gets logged into the normal board error log not much else you can do.  Only thing maybe is to ban that IP after like 10 failed attempts or something but history shows that the bastards doing bad things usually have ways around IP ban so it would not solve anything.

The thing with the IP banning is I think it is a good idea only if you can do something like ban somebody for 30 minutes.  As a way to say go away but not permanently.

Other thing is that the check function only returns false if the key doesn't match.  Thus it is up to whoever called the functions to see that and then handle it.
« Last Edit: March 21, 2003, 04:27:54 AM by David »
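
The temporary ban discussed in the reply above, as an added example that is not part of the original post and not YaBB SE code: the caller reacts to a failed key check by counting failures per IP and banning the address for 30 minutes after 10 of them. The class, the function names and the in-memory store are assumptions; a forum would keep these counters in a database table.

```php
<?php
// Added example with hypothetical names; not YaBB SE code.
const MAX_FAILURES = 10;      // "like 10 failed attempts"
const BAN_SECONDS  = 30 * 60; // "ban somebody for 30 minutes"
final class KeyFailureThrottle
{
    private array $byIp = []; // ip => ['count', 'first', 'bannedUntil'] (in-memory stand-in)

    public function isBanned(string $ip, int $now): bool
    {
        return isset($this->byIp[$ip]) && $now < $this->byIp[$ip]['bannedUntil'];
    }

    // Call after the key check returned false; returns true when this failure triggers a ban.
    public function recordFailure(string $ip, int $now): bool
    {
        $fresh = ['count' => 0, 'first' => $now, 'bannedUntil' => 0];
        $e = $this->byIp[$ip] ?? $fresh;
        if ($now - $e['first'] >= BAN_SECONDS) {
            $e = $fresh; // stale failures expire, so occasional mistakes never add up
        }
        $e['count']++;
        $banned = $e['count'] >= MAX_FAILURES;
        if ($banned) { // the ban lapses by itself and the counter starts over afterwards
            $e = ['count' => 0, 'first' => $now, 'bannedUntil' => $now + BAN_SECONDS];
        }
        $this->byIp[$ip] = $e;
        return $banned;
    }
}

// The check only reports true/false; the caller decides what a failure costs.
function handle_action(KeyFailureThrottle $t, string $ip, bool $keyOk, int $now): string
{
    if ($t->isBanned($ip, $now)) {
        return 'banned';
    }
    if ($keyOk) {
        return 'ok';
    }
    return $t->recordFailure($ip, $now) ? 'banned' : 'rejected';
}

// Constructed input: ten bad keys from one address, then a valid key during and after the ban.
$t = new KeyFailureThrottle();
[$ip, $start, $last] = ['192.0.2.10', 1000000, ''];
for ($i = 0; $i < MAX_FAILURES; $i++) { $last = handle_action($t, $ip, false, $start + $i); }
echo $last, ' ', handle_action($t, $ip, true, $start + 600), ' ',
     handle_action($t, $ip, true, $start + 9 + BAN_SECONDS), "\n";
```

Requests from a banned address are refused before the key is even looked at, so a valid key does not lift the ban early.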

[Unknown]
Re:Security Enhancement, Keys For Actions
« Reply #16 on: March 21, 2003, 04:37:25 AM »

Quote from: David on March 21, 2003, 04:10:32 AM
Good idea.  What is the variable that ID_MEMBER is stored in, like username is $username.

Also is there a function to look up ID_MEMBER given a username?  Like the forgotten password the user inputs the username.

$ID_MEMBER.

Why use a function??

SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE memberName='hi';

(the query only uses keys, so it would be fast too... could be integrated into another query of course...)

As far as the logging.... that's why I separated the error logging in my secret project.  Now there's a log_error function that ONLY logs an error.  (which simplifies things...)

-[Unknown]
David
Re:Security Enhancement, Keys For Actions
« Reply #17 on: March 21, 2003, 04:40:50 AM »

Quote from: [Unknown] on March 21, 2003, 04:37:25 AM
Quote from: David on March 21, 2003, 04:10:32 AM
Good idea.  What is the variable that ID_MEMBER is stored in, like username is $username.

Also is there a function to look up ID_MEMBER given a username?  Like the forgotten password the user inputs the username.

$ID_MEMBER.

Why use a function??

SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE memberName='hi';

(the query only uses keys, so it would be fast too... could be integrated into another query of course...)

As far as the logging.... that's why I separated the error logging in my secret project.  Now there's a log_error function that ONLY logs an error.  (which simplifies things...)

-[Unknown]
Alright, but it will become the responsibility of the function that calls new_action_key and check_action_key to provide an ID_MEMBER.