You are not logged in. Please login or register.
PunBB Forums → Posts by Rickard
Mako wrote:
And Kenel, if you do remove HTML, leave the basic bb codes (bold, italics and underline).
Yes, of course. I might even add more bbcodes. We'll see.
About MD5. It is impossible to reverse an MD5 checksum. You can however brute force it by trying all possible combinations. If the password is 8 bytes long with lowercase, uppercase and numeric characters it takes frikken forever though :) The most popular tool for brute forcing MD5 passwords is John The Ripper.
You should ignore the search tables and instead instruct people to rebuild the search index in admin/maintenance after the conversion.
The search index is there for a number of reasons. Primarily because searching directly in the posts-table with the LIKE operator is very slow.
Samuel LB wrote:
Even worse, someone could include some <script>-tags with a javascript which sends the cookie to a cracker/hacker/whatever... Then they can use MD5-Crack to decyrpt it. Or does PunBB use sessions?
PunBB only uses cookies. What you just said about the javascript is exactly what I want to avoid. It is also what I meant when I said "Preventing cross site scripting being the primary concern" :)
Piggymon wrote:
No one needs it for normal "forum editing" anyway. Then it's settled! HTML has to go.
Yes, I believe it is :)
Yeah, but allowing users to do their own tables is seldom a good idea. They could just enter </table> and then the page layout would be destroyed.
I'm still not sure about this and would like to hear more opinions on the matter before I make up my mind. What I'm talking about is removing the ability to use HTML in posts and in signatures. Currently, the administrator can decide whether that should be allowed or not (Admin/Permissions). I want to remove it all together. The reasons are many. Preventing cross site scripting being the primary concern.
So, could you live without it?
That's nice, but why post this i four different forums? It also belongs in "Show Off".
[topic moved]
Well, what I actually meant was that I was going to reorganize the forums better, but if you have any ideas, you are more than welcome to share :)
*blush*
Unfortunately, there aren't any converters at all. I am however looking for someone interested in doing one :)
I just might do that.
[topic cleaned]
I doubt that there will be any "official" mods, but that doesn't stop anyone from making a regular PM mod.
A difficult question to answer. It would seem natural for me to say that PunBB is rock solid and that it can't be hacked. Saying that isn't very smart though. Especially considering a cross site scripting issue was discovered in version 1.0 just a few days ago :-)
Honestly, I would say that PunBB, since it has fewer features and therefore less source code, is generally less prone to having security holes than other, larger boards. I have made an effort to prevent any SQL injection vulnerabilities and hopefully, there will be no more cross site scripting problems.
Have a look at this topic: http://punbb.org/forums/viewtopic.php?id=2508
Cool! I'm not completely sure what this will do to the search indexing though (since it's locale specific). Oh, well, it'll probably work fine in most cases :)
You have to include config.php. What exit() do you stop at?
Could you please try this. Increase "Redirect time" to 5 seconds or something, log out, paste the source here for the redirect page when you log out.
The reason debug is not an options in the admin interface is that you want to be able to turn it on when/if the board suddenly stops working. How do you turn it on if the board doesn't work? :-)
Thank you! :)
Fear not, PunBB will never turn into "a graphical board" :)
Thank you :)
I do believe you need all the code between line 42 and line 68.
Hmm, that's very odd. It should redirect you to index.php. What page do you get redirected to when you log out?
Might I as what browser you are using? If it's Opera, have you set it up to identify itself as Opera?
PunBB Forums → Posts by Rickard
Powered by PunBB, supported by Informer Technologies, Inc.