Home
Scripts
Contributions (Pro Mod Access)
FAQ's
Downloads
Support Forum
  SnailSource.com [Logo]
Calendar LiteCalendar Lite (Demo)
Calendar ProCalendar Pro (Demo)
LinksLinks Pro (Demo)
Log in to check your private messagesForum
RegisterRegister
Log inLog in
Log in to check your private messagesLog in to check your private messages SearchSearch FAQFAQ ProfileProfile MemberlistMemberlist UsergroupsUsergroups Join GroupsJoin Groups

Gallery session or login problem
Goto page Previous  1, 2
 
Post new topic   Reply to topic   printer-friendly view    SnailSource.com Forum Index -> Gallery->phpBB2 Integration Support printer-friendly view
View previous topic :: View next topic  
Author Message
aberrant



Joined: 04 May 2006
Posts: 8



Hlp* 13.00
PostPosted: Mon May 08, 2006 11:09 pm    Post subject: Reply with quote Direct link

You know what you can't fake the session if the IP is stored with the session and used to authenticate every time the session ID is supplied. So I don't see how it's a security risk at all, it just seems lazy.
Back to top
View user's profile Send private message
Martin
Site Admin


Joined: 24 Mar 2002
Posts: 8182



Hlp* 3655.72
PostPosted: Mon May 08, 2006 11:17 pm    Post subject: Reply with quote Direct link

aberrant wrote:
Actually I think I'd rather see G2 integration. THere isn't anything right now for G2 and phpBB is there?

Oh yes, definitely..
http://www.nukedgallery.net/forum12.html

The only bug in the current system is that you need to do an edit:
http://www.snailsource.com/forum/viewtopic.php?t=3571
... to handle album and picture ownership.. some more work is needed to ensure that comments are correctly owned or at least ownership not defaulted to the person doing the migration.

Quote:
Someone could theoretically pull the admin's session ID from the URL as it passes through some random router in internet-land and then use it to pull up the site with admin access. Using POST would make it slightly harder. In any case you'd have to fake the session before it times out. Doesn't seem like a big risk to me, but I'm trying REALLY hard not to be a programmer, it just keeps sucking me back in...

LOL.. trust me I know what you mean.. that's what happened with me that I ended up doing the integration in the first place.. and then that migration mess pulled me in briefly too..

It's a tough life finding yourself in a position when you can fix something that 500 people before you have whinged about and done diddly squat to solve.. c'est la belle via. Razz
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    SnailSource.com Forum Index -> Gallery->phpBB2 Integration Support All times are GMT + 1 Hour
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

This board is protected by Phpbbantispam
Board Security

15557 Attacks blocked

Powered by phpBB © 2001, 2005 phpBB Group