Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by inkydink1234 on Friday, February 13 @ 10:47:22 CET
I understand completely. Paul said:

"So you see, the $random_num has already been generated. Which means if you refresh the link in the article several times or hundreds of times today without changing your user agent you will see the same security code value over and over again"

Refreshing the link is the test I performed and fails. That's what I am responding to. If you want to depend on the sitekey as a seed then forget about the config.php and set $sitekey equal to another random number right in the routine. Or randomize $sitekey from config.php in the routine. Virtually any breach of a system is dependent on being able to reproduce or reconfigure some kind of code. As you or someone else has said, all of these things are meant to deter and/or confuse. To me this is not a SECURITY risk because no security is ever breached; I get more useless hits from one-time wonders with Yahoo addresses than any bot would do.


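An added example, not part of the thread and not PHP-Nuke's own code: it contrasts a security code derived from values that stay fixed across refreshes (user agent, $sitekey, $random_num, the day) with a per-challenge code that the server stores and accepts once. The hash-based derivation is a constructed stand-in for the scheme under discussion, and the function names, the `$store` array and all sample values are hypothetical.

```php
<?php
// Constructed stand-in for the derivation discussed in the thread: the code is
// a pure function of inputs that do not change when the link is refreshed.
function derived_code(string $ua, string $sitekey, int $randomNum, string $day): string
{
    $digest = hash('sha256', $ua . $sitekey . $randomNum . $day);
    $number = hexdec(substr($digest, 0, 7)) % 1000000;
    return str_pad((string) $number, 6, '0', STR_PAD_LEFT);
}

// Alternative: a fresh random code per challenge, kept server-side so the
// verifying request can find it again, valid for $ttl seconds.
function issue_challenge(array &$store, int $now, int $ttl = 300): array
{
    $id   = bin2hex(random_bytes(16));
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$id] = ['code' => $code, 'expires' => $now + $ttl];
    return [$id, $code];          // $code is only ever drawn into the image
}

function verify_challenge(array &$store, string $id, string $answer, int $now): bool
{
    if (!isset($store[$id])) {
        return false;             // unknown id, or challenge already consumed
    }
    $entry = $store[$id];
    unset($store[$id]);           // single use, even when the answer is wrong
    return $now <= $entry['expires'] && hash_equals($entry['code'], $answer);
}

// Constructed sample values.
$ua        = 'Mozilla/4.0 (compatible; example)';
$sitekey   = 'constructed-site-key';
$randomNum = 482913;
$day       = 'February 13';

// Two "refreshes" of the same link with an unchanged user agent.
$first  = derived_code($ua, $sitekey, $randomNum, $day);
$second = derived_code($ua, $sitekey, $randomNum, $day);
var_dump($first === $second);

$store = [];                      // stands in for the session or a database table
[$id, $code] = issue_challenge($store, 1000);
var_dump(verify_challenge($store, $id, $code, 1010));   // first submission
var_dump(verify_challenge($store, $id, $code, 1020));   // same pair replayed
```

A value randomized inside the image routine has to be stored server-side like this, because the routine that later checks the submitted code cannot recompute a random number it never saw.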