<![CDATA[PunBB Forums — Increased Security and Code Optimization]]> https://punbb.informer.com/forums/topic/10627/increased-security-and-code-optimization/ Wed, 01 Mar 2006 00:35:07 +0000 PunBB <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63609/#p63609 Browse hacker forums. Even experienced hackers/crackers won't even bother trying to hack a database with salted sha1 passwords.

]]> Wed, 01 Mar 2006 00:35:07 +0000 https://punbb.informer.com/forums/post/63609/#p63609 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63545/#p63545 Well, would you be comfortable with teh fact that the admin could easily crack your password by looking at the DB?

]]> Tue, 28 Feb 2006 19:00:10 +0000 https://punbb.informer.com/forums/post/63545/#p63545 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63544/#p63544 is this salt really needed? cracker first needs to obtain hashed password  somehow, which is practically impossible without getting into db itself

]]> Tue, 28 Feb 2006 18:52:37 +0000 https://punbb.informer.com/forums/post/63544/#p63544 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63421/#p63421 Rickard wrote:

Personally, I think short tags are a bad idea. For example, what happens if you create a PHP script that starts with:

<?xml version="1.0" encoding="ISO-8859-1"?>

Well, you get a parse error.

Yeah, it works that way with my host, and it drives me crazy.

]]> Mon, 27 Feb 2006 20:12:54 +0000 https://punbb.informer.com/forums/post/63421/#p63421 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63396/#p63396 Salts are a good idea. It's on the todo list.

We don't use short tags because some servers might have it disabled. The number of servers is irrelevant. The fact that there are servers out there with it disabled forces us to not rely on it. Personally, I think short tags are a bad idea. For example, what happens if you create a PHP script that starts with:

<?xml version="1.0" encoding="ISO-8859-1"?>

Well, you get a parse error.

]]> Mon, 27 Feb 2006 12:57:25 +0000 https://punbb.informer.com/forums/post/63396/#p63396 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63142/#p63142 Lol, we prolly have about the same setup Smartys tongue

]]> Fri, 24 Feb 2006 17:15:56 +0000 https://punbb.informer.com/forums/post/63142/#p63142 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63099/#p63099 I figured, it explained a bit about why my setup was so odd tongue

]]> Thu, 23 Feb 2006 22:47:46 +0000 https://punbb.informer.com/forums/post/63099/#p63099 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63098/#p63098 I was looking at php.ini-dist, which has the out-of-box default settings. php.ini-recommended contains non-standard settings.

]]> Thu, 23 Feb 2006 22:45:16 +0000 https://punbb.informer.com/forums/post/63098/#p63098 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63066/#p63066 Nibbler(cpg) wrote:

It's not an apache setting, it's a php setting and it is on by default. Code meant for redistribution should of be written to work without it.

I'm not sure about anyplace else, but php.ini-recommended for Windows has it off by default smile

; Allow the <? tag.  Otherwise, only <?php and <script> tags are recognized.
; NOTE: Using short tags should be avoided when developing applications or
; libraries that are meant for redistribution, or deployment on PHP
; servers which are not under your control, because short tags may not
; be supported on the target server. For portable, redistributable code,
; be sure not to use short tags.
short_open_tag = Off

]]> Thu, 23 Feb 2006 11:30:05 +0000 https://punbb.informer.com/forums/post/63066/#p63066 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63047/#p63047 It's not an apache setting, it's a php setting and it is on by default. Code meant for redistribution should of be written to work without it.

]]> Thu, 23 Feb 2006 04:37:46 +0000 https://punbb.informer.com/forums/post/63047/#p63047 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63031/#p63031 elbekko wrote:

Well, anyone who turned short tags off. And that's a surprising lot tongue

short tags are off in the default httpd.conf that comes with Apache, so more like anyone who didn't turn them on tongue

The password salt suggestion isn't a bad one though.

]]> Wed, 22 Feb 2006 20:43:50 +0000 https://punbb.informer.com/forums/post/63031/#p63031 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63030/#p63030 Well, anyone who turned short tags off. And that's a surprising lot tongue

]]> Wed, 22 Feb 2006 20:17:27 +0000 https://punbb.informer.com/forums/post/63030/#p63030 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63024/#p63024 snowman wrote:

What kind of server wouldn't?

Servers without the --enable-short-tags I believe.

]]> Wed, 22 Feb 2006 19:45:39 +0000 https://punbb.informer.com/forums/post/63024/#p63024 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63023/#p63023 What kind of server wouldn't?

]]> Wed, 22 Feb 2006 19:32:49 +0000 https://punbb.informer.com/forums/post/63023/#p63023 <![CDATA[Re: Increased Security and Code Optimization]]> https://punbb.informer.com/forums/post/63022/#p63022

This is the shorthand version and may save some keystrokes in the future:

Code:

<?=$var ?>

This performs the exact same echo.

Don't do that. Ever. Cos many servers don't support short tags tongue

]]> Wed, 22 Feb 2006 19:24:47 +0000 https://punbb.informer.com/forums/post/63022/#p63022