  1. #41
    Join Date
    Mar 2007
    Posts
    1,691
    Tokens
    1,025

    Latest Awards:

    Default

    @Funya Chin: That didn't make any sense? What has their financial situation got to do with what's happened in their lifetime in this example? Nothing.
    Last edited by Awfy; 10-12-2008 at 06:53 PM.

  2. #42
    Join Date
    Oct 2008
    Location
    Cornwall
    Posts
    22
    Tokens
    0

    Default

    Quote Originally Posted by Excellent2 View Post
    I'm going to get called a suck up for this but I couldn't care less.

    Greg has been working for YouMeO for 6 months as he said. If I'm correct in what he's told me he is the only original employee left. What does this tell you? It tells you that Greg is worth a lot to YouMeO which shows in his work. If it wasn't for Greg in the first place YouMeO would possibly still have a horrible design and wouldn't be near as known as they are now.

    Greg has also brought a few good staff members with him as he knows them. Again if I'm correct it's Nick and Simon. Possibly Caleb and Dan when they worked there.

    6 months is a good length of time to be working in a Social Networking environment as you pick up things quickly and you're working in the industry.

    On topic:

    I actually now use the site over Twitter mainly because I can tell it's going to take off soon with the right amount of attention. Anybody who says it's going to fail I challenge you to go make a site like that in 11 days whilst working on various other projects.. One of them being a Social Network which would require time and effort each day.

    Come on lad, we're from the Westcountry.

  3. #43
    Join Date
    Dec 2006
    Posts
    1,259
    Tokens
    0

    Latest Awards:

    Default

    Nothing, which is why it was in brackets to try and get you to explain why you used its success in this thread which juxtaposes the argument you brought up in the other thread, now would you care to answer how you, a 17 year old amateur "web developer" with no degree are better than most and try and "look good" by working for youmeo. The opportunity only arose because you knew Calum.

  4. #44
    Join Date
    Mar 2007
    Posts
    1,691
    Tokens
    1,025

    Latest Awards:

    Default

    I'm 18 and I'm not an amateur since I do it as a professional. That means I'm a professional web designer. I have a better knowledge of this industry because I work in it, not a single other person on this forum does - tadaaaa

  5. #45
    Join Date
    Dec 2006
    Posts
    1,259
    Tokens
    0

    Latest Awards:

    Default

    However, you're using that as a stance of greatness and arrogance - insinuating that no-one on this forum has a clue about anything apart from you.

  6. #46
    Join Date
    Mar 2008
    Posts
    5,107
    Tokens
    2,809

    Latest Awards:

    Default

    Quote Originally Posted by Invent View Post
    We understand that part, but I simply forgot to remove the PHPSESS_REAL cookie from when we were developing on hostgator lol.
    PHPSESS_REAL had nothing to do with what was wrong with the site.. at all. The system was so ****** up, you could change PHPSESSID (like normal) and it would be logged in as the "person", but would post as your original PHPSESS_REAL.

    Which was basically a repeat, and was cross-referencing the sessions!

    Other than the fact that the only place on the site, that was filtered and protected.. was the replies page.

    The settings page was filtered a bit, but only on that page, and the display on the home..

    You need to start coding in the perspective of a hacker, and then you won't have these exploits to fix.. they won't appear at all.

    Think, "what would someone do right here.. if they could", then run XSS and SQLI attempts through your mind.. and always put that to the test.

    Otherwise you'll come up with this every time.
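The session mix-up described in post #46, modelled as an added example (not code from the thread or from the site): two cookies resolved independently beside a single-identifier lookup. The session table, the function names and the sample cookie values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed server-side session table (session id => account); not data from the site.
$sessions = ['sid-alice' => 'alice', 'sid-bob' => 'bob'];

// Flawed pattern: two client-supplied cookies are resolved independently, so the
// account shown as logged in and the account credited with a post can differ.
function flawedIdentity(array $cookies, array $sessions): array
{
    return [
        'logged_in_as' => $sessions[$cookies['PHPSESSID'] ?? ''] ?? null,
        'posts_as'     => $sessions[$cookies['PHPSESS_REAL'] ?? ''] ?? null,
    ];
}

// Hardened pattern: one identifier, one lookup, reused for every action.
function currentUser(array $cookies, array $sessions): ?string
{
    $sid = $cookies['PHPSESSID'] ?? null;
    return is_string($sid) ? ($sessions[$sid] ?? null) : null;
}

// Detection aid: a leftover second cookie naming a different session is worth logging.
function hasConflictingSessionCookies(array $cookies): bool
{
    return isset($cookies['PHPSESSID'], $cookies['PHPSESS_REAL'])
        && $cookies['PHPSESS_REAL'] !== $cookies['PHPSESSID'];
}

// Constructed request in which the two cookies name different sessions.
$cookies = ['PHPSESSID' => 'sid-alice', 'PHPSESS_REAL' => 'sid-bob'];

// Flawed lookup: login identity and posting identity come from different cookies.
var_dump(flawedIdentity($cookies, $sessions));
// Hardened lookup: every action uses the same resolved account.
var_dump(currentUser($cookies, $sessions));
// The conflicting pair is flagged for logging.
var_dump(hasConflictingSessionCookies($cookies));
```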

  7. #47
    Join Date
    Mar 2007
    Posts
    1,691
    Tokens
    1,025

    Latest Awards:

    Default

    Quote Originally Posted by Dentafrice View Post
    PHPSESS_REAL had nothing to do with what was wrong with the site.. at all. The system was so ****** up, you could change PHPSESSID (like normal) and it would be logged in as the "person", but would post as your original PHPSESS_REAL.

    Which was basically a repeat, and was cross-referencing the sessions!

    Other than the fact that the only place on the site, that was filtered and protected.. was the replies page.

    The settings page was filtered a bit, but only on that page, and the display on the home..

    You need to start coding in the perspective of a hacker, and then you won't have these exploits to fix.. they won't appear at all.

    Think, "what would someone do right here.. if they could", then run XSS and SQLI attempts through your mind.. and always put that to the test.

    Otherwise you'll come up with this every time.
    Caleb stop trying to act as if we've done wrong, it was coded in 11 days on a rush to prove we could build something in that time. So Simon didn't really have the awareness due to the hours being up to 6am in the morning after a long day at work. So you can't blame him for missing here and there, you would too.

  8. #48
    Join Date
    May 2005
    Location
    San Francisco, CA
    Posts
    7,160
    Tokens
    2,131

    Latest Awards:

    Default

    Quote Originally Posted by Dentafrice View Post
    PHPSESS_REAL had nothing to do with what was wrong with the site.. at all. The system was so ****** up, you could change PHPSESSID (like normal) and it would be logged in as the "person", but would post as your original PHPSESS_REAL.

    Which was basically a repeat, and was cross-referencing the sessions!

    Other than the fact that the only place on the site, that was filtered and protected.. was the replies page.

    The settings page was filtered a bit, but only on that page, and the display on the home..

    You need to start coding in the perspective of a hacker, and then you won't have these exploits to fix.. they won't appear at all.

    Think, "what would someone do right here.. if they could", then run XSS and SQLI attempts through your mind.. and always put that to the test.

    Otherwise you'll come up with this every time.
    My $_POST/$_GET/$_REQUEST cleaning section had an issue where one function was above another which caused the inputs to get cleaned then uncleaned. I knew what the issue was straight away when Greg told me but I forgot to remove it from when we were developing on HG (same with the issue with the sessions).
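The ordering problem described in post #48, as an added example (not the site's code): the post does not name the functions involved, so this assumes "cleaning" is HTML-encoding with `htmlspecialchars` and "uncleaning" is a later `html_entity_decode`. The helper names and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the post does not name the functions involved.
// "Clean" here means HTML-encoding; "unclean" means decoding entities again.
function cleanInput(array $input): array
{
    return array_map(
        fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'),
        $input
    );
}

function decodeInput(array $input): array
{
    return array_map(
        fn($v) => html_entity_decode((string) $v, ENT_QUOTES, 'UTF-8'),
        $input
    );
}

// Regression check: reports whether any value still contains raw markup characters.
function hasRawMarkup(array $input): bool
{
    foreach ($input as $v) {
        if (preg_match('/[<>"\']/', (string) $v) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed sample standing in for $_POST (flat string values only).
$post = ['status' => '<b onclick="x()">hi</b>', 'name' => 'Simon'];

$wrongOrder = decodeInput(cleanInput($post)); // cleaned, then uncleaned
$rightOrder = cleanInput(decodeInput($post)); // encoding is the last step

var_dump(hasRawMarkup($wrongOrder));
var_dump(hasRawMarkup($rightOrder));
```

HTML-encoding does nothing for SQL: queries need bound parameters (prepared statements) regardless of how the input was cleaned.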

  9. #49
    Join Date
    Mar 2008
    Posts
    5,107
    Tokens
    2,809

    Latest Awards:

    Default

    Quote Originally Posted by Awfy View Post
    Caleb stop trying to act as if we've done wrong, it was coded in 11 days on a rush to prove we could build something in that time. So Simon didn't really have the awareness due to the hours being up to 6am in the morning after a long day at work. So you can't blame him for missing here and there, you would too.
    I didn't say you were involved in it, so there is no "we" in context. Simon coded it.

    I don't care if it was coded in 11 days.. big whoop? It's not the time it takes.. it's the quality of it.

    I/everyone else would much rather use a secure product.. than use a vulnerable one that was quickly coded through, with little thought to it.

    If he didn't have the awareness.. then he should have waited until he did.

    This is not some silly game, you're branding it under "Youmeo developmental labs" or some ****, then it should reflect quality.. and appear "professional".. not:

    "It isn't our fault that it's vulnerable and exploitable, we coded it really fast to prove we could do it. So it doesn't matter."

    This is users' data at risk, their accounts (which they signed up under..) and I'm sure the privacy policy protects their data.. wait! How can it protect their data, when a simple person executing the wrong request.. has access to all their data!

    Hmm.. it can't.

    Like I said.. code it in the perspective that I mentioned, and you don't have these problems.. I never have (except for simple file vulnerabilities, mime by post.. which are easily learned from), so please.. don't tell me what I would do and wouldn't do, when you certainly don't know.

  10. #50
    Join Date
    May 2005
    Location
    San Francisco, CA
    Posts
    7,160
    Tokens
    2,131

    Latest Awards:

    Default

    If the system was flawed properly and it wasn't a simple human error from lack of memory then I would agree with you about spending more time in the mind of a hacker.
