.:: Bots United ::.  
filebase forums irc server wiki web
cubebot epodbot fritzbot gravebot grogbot hpbbot ivpbot jkbotti joebot
meanmod podbotmm racc rcbot realbot sandbot shrikebot soulfathermaps waypoints yapb

Go Back   .:: Bots United ::. > Developer's Farm > General Programming
General Programming Help others and get yourself helped here!

Reply
 
Thread Tools
cookie and session security
Old
  (#1)
Ancient
PodBot MM's Laziest Waypointer
 
Ancient's Avatar
 
Status: Offline
Posts: 1,010
Join Date: Jan 2005
Location: Nebraska, United States of America
Default cookie and session security - 24-07-2007

I don't really know how to use cookies so I've been using Sessions.

Is that safe?

I've been putting passwords as md5, but I dunno if my portals are safe or not.
I've heard that there are cookie injectors or something like that.


[Web Designer][Waypointer][Gamer]
CFE Games Administrator
[CFE]Games.com
[Never Trust the Untrusted]
   
Reply With Quote
Re: cookie and session security
Old
  (#2)
sPlOrYgOn
<-- He did it.
 
sPlOrYgOn's Avatar
 
Status: Offline
Posts: 1,558
Join Date: Jan 2004
Location: Los Angeles, California, USA, North America, Earth, Solar System, Milky Way.
Default Re: cookie and session security - 26-07-2007

well if memory serves me correctly.. Sessions are server-side info storages with Session IDs that are saved in cookies (client-side). So, unless there's a way for someone to steal a Session ID from someone then access the Session's info which is stored server-side, there shouldn't be any security problems.
   
Reply With Quote
Re: cookie and session security
Old
  (#3)
Ancient
PodBot MM's Laziest Waypointer
 
Ancient's Avatar
 
Status: Offline
Posts: 1,010
Join Date: Jan 2005
Location: Nebraska, United States of America
Default Re: cookie and session security - 23-08-2007

Well I have just recently made cookies for AoEEmpire.com

I've made it so people create cookies with ID and Username.
So when they auto-login with Username and ID function.

But....
I don't know.
Could you check it out if you have time?
www.AoEEmpire.com


I've tried tampering with my Cookies, but they delete themselves when I open the site.

The IDs are quite simple. like 1,2,3 etc....
But, I figured if phpBB did it, I could too, but I don't know much about security stuff.
I've tried entering a hacking attempt incase the username or password weren't the same but that backfired so I took it out.

I have it so you can fetch MySQL Info with the Session_id
and Check if the Session_username is the same as the name it fetched then it would create more sessions with the fetched mysql data.
Should I give you the common.php?
It fetches everything but the md5 password...

Right now I'm trying to create sessions so I can display usernames within the last 15 minutes etc...
Hopefully I can get it up when I open the site.


[Web Designer][Waypointer][Gamer]
CFE Games Administrator
[CFE]Games.com
[Never Trust the Untrusted]
   
Reply With Quote
Re: cookie and session security
Old
  (#4)
Ancient
PodBot MM's Laziest Waypointer
 
Ancient's Avatar
 
Status: Offline
Posts: 1,010
Join Date: Jan 2005
Location: Nebraska, United States of America
Default Re: cookie and session security - 25-08-2007

I've just created a random 30 char code activation function so hopefully nobody will ever get to see them.


[Web Designer][Waypointer][Gamer]
CFE Games Administrator
[CFE]Games.com
[Never Trust the Untrusted]

Last edited by Ancient; 25-08-2007 at 05:35..
   
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
vBulletin Skin developed by: vBStyles.com