  #1  
Old November 24th, 2003, 08:09 PM
URSLOWR
Security Check! http://www.betachat.com/login.php

http://www.betachat.com/login.php

Okay. Reason I'm doing this is because I need to hide the actual URL so certain users don't know where to run the script they use to wreak havoc on the chatroom. As an example, the room URLs for certain rooms are:

PHP Code:
//Room Name
the Bar

// Room URL
???????????

// Room Name
the Lounge

// Room URL
[url]http://wishbone.optichat.com/optichat.html?oc_room=room2&oc_acc=yabber&oc_user=YabberChatTest&oc_profile=main&oc_stage=2[/url]

// Room Name
the Beer Garden

// Room URL
[url]http://wishbone.optichat.com/optichat.html?oc_room=room3&oc_acc=yabber&oc_user=YabberChatTest&oc_profile=main&oc_stage=2[/url]

// Room Name
the Basement

// Room URL
[url]http://wishbone.optichat.com/optichat.html?oc_room=room4&oc_acc=yabber&oc_user=YabberChatTest&oc_profile=main&oc_stage=2[/url] 


Now the test is.. What is the actual URL for the room name "the Bar"? Looking at the other URLs, that's basically what I'll be looking for. Also, you should know. I have spoofed the room names in the form. And no, it's not "room1". And subtract all that vBulletin parsing of target="_blank" stuff. If you do happen to find a way around it. I have to know what it is so I can fix it!
__________________
"I haven't failed, I've found 10,000 ways that won't work."
- Thomas Edison

-=Rick=-

Last edited by URSLOWR : November 24th, 2003 at 08:34 PM.
  #2  
Old November 29th, 2003, 05:01 AM
Asynja
If you are using a third party script you may be out of luck. When variables or data are posted to the URL via this method:

script.php?name=James&age=40

...it's using the GET method. If you use the POST method, the data is still transmitted to the server, but it's contained in the headers and not the URL itself (it's actually dependent on the Content-length header). It is, indeed, easy to snoop POST data, but for 98% of users, it's "out of sight, out of mind".

Using the POST method on forms (instead of GET), is a simple method of "hiding" your form submission data. If, however, the data does not come from a form...for example, a text link...you will have to involve JavaScript to submit a form when a text link is clicked. (It's essentially a pass-through form submission the user never sees...)

Like I said...if you're using a third party "chat" client, you may be stuck with what you have. If you are willing to change, however, there are a great variety of FREE chat scripts for many languages out there...all you have to invest is some time browsing and testing.

Historically, however, chat (especially real-time systems like IRC) has always been a security disaster. Asking for a secure chat system is like telling the sun not to shine. It will work half the time.

Hope this helps.

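Added example, not part of either poster's code: the `script.php?name=James&age=40` submission from the reply above, serialized once as a GET and once as a POST, then read back from the raw request. It shows that POST moves the same fields out of the URL into the request body (whose size the Content-Length header declares) and that they are recovered just as easily from either form. The host name `example.test` and the helper names are assumptions made for the illustration.

```javascript
// Added example: one form, serialized two ways, to show where the fields travel.
// Host, path and field values are constructed sample data.
const FIELDS = { name: 'James', age: '40' };

// Encode fields as application/x-www-form-urlencoded.
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Raw HTTP/1.1 request a browser sends for <form method="get">.
function buildGet(host, path, fields) {
  return `GET ${path}?${encodeForm(fields)} HTTP/1.1\r\nHost: ${host}\r\n\r\n`;
}

// Raw HTTP/1.1 request for <form method="post">: same data, moved to the body.
function buildPost(host, path, fields) {
  const body = encodeForm(fields);
  return [
    `POST ${path} HTTP/1.1`,
    `Host: ${host}`,
    'Content-Type: application/x-www-form-urlencoded',
    `Content-Length: ${Buffer.byteLength(body)}`,
    '',
    body,
  ].join('\r\n');
}

// Recover the submitted fields from either request, as the server does.
// The sender can read the same bytes, so neither method keeps a value secret.
function readFields(raw) {
  const split = raw.indexOf('\r\n\r\n');
  const head = raw.slice(0, split);
  const body = raw.slice(split + 4);
  const [method, target] = head.split('\r\n')[0].split(' ');
  const query = target.includes('?') ? target.slice(target.indexOf('?') + 1) : '';
  const isPost = method === 'POST';
  const fields = Object.fromEntries(new URLSearchParams(isPost ? body : query));
  return { method, where: isPost ? 'body' : 'url', fields };
}

const getReq = buildGet('example.test', '/script.php', FIELDS);
const postReq = buildPost('example.test', '/script.php', FIELDS);
console.log(getReq);
console.log(postReq);
console.log(readFields(getReq), readFields(postReq));
```

Because the client always holds the values it submits, any restriction on who may enter a room has to be checked on the server rather than by concealing the parameters.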
  #3  
Old November 29th, 2003, 10:19 AM
URSLOWR
Hehehe, so far though, only one person has been able to crack open my actual values, and stick them in my face to see. I think that, so far, the script I created does somewhat of a good job in hiding, or spoofing, the variables. And for the back-end person trying to get the values, I've made it such a pain in the *** to get the source that they'll either get bored with decoding everything. Encoding the source is just a diversion, nothing more. Can be decoded in about 5 minutes. But it's the fact that they have to.
