You are not logged in. Please login or register.
Active topics Unanswered topics
Search options
"vBCode"
Advantages -
More control in both available tags and layout features.
Harder to break a layout i.e. unclosed tables.
Neater messages but that is limited to the limited amount of codes.
Secure, only offer those codes that you want.
Disadvantages -
Each new code needs new parsing routines.
Can be processor intensive but this can be alleviated with parsed post caching.
Limits creativity to the codes available.
"HTML"
Advantages -
Larger range of formatting available.
understood language by technical types.
Disadvantages -
Almost impossible to secure with dynamic URL's, offsite stylesheets, behaviours and javascript available to every tag.
Learning curve for non-technical people.
Strict rules of implementation that can break your site.
Cross-site Scripting vulnerabilities which can result in the net loss of your server.
One reason taht i want to switch to html is great wysiwyg editors that exist for it like tinymce. These editors decrease the chance of unclosed tag and also have xhtml validator.
Another thing is this, You can not parse the post before inserting it in DB because when the user wants to edit the post, the bbcode must be generated again. So I don't think html validation make much overhead like parsing the post every time that it's going to be shown.
Due to some reasons (incompatibility with other parts of my site, parse overhead and ...) I want to change the storage method of post from bbcode to html.
This way the post must be checked for malicious tag like <script> before inserting in database.
I want to know if it's a good idea! the benefits and problems?
Onething that i don't understand is this, that why no forum programmer (VB, PHPBB) uses html in his code?
using of session doesn't actully mean http://www.phpbb.com/phpBB/viewforum.ph … 782856345e
you can turn it off easily
the cookie itslef is not important, but the way they handle it on the server is important!!!!
what about a site with more than 200 users online in a time? i want to know how other forum like vbulltin handle this issue? I must see.
I don't have any problem with the cookie, but with query on users table for each page aaa user see. i wonder how much overload does it impose on the server. you may answer no overload because of data caching of DBMS! i don't know!
Jansson wrote:Alli wrote:2- if the user login on another computer the return to his own, the cookie on the other machine will be valid no longer
I don't think this is the wanted behaviour. I would personally not like it since I'm on several computers.
Actually this is better. because sometimes you may login on someone else computer and forget to logout. so he would get access to your account.
Smartys wrote:Also, what's the benefits to a session? You don't want to cache the data in a session because it could have been updated. There's no way you can really store it.
what do you mean?
Actually pun_bb uses bad data to create the cookie (user_id, password). i think it's much better to have a cookie_rand(int) filed in the users table and each time user login we make a random number and update the cookie_rand with this then store this cookie (user_id, cookie). this method have two benefit:
1- if the cookie is captured it will be valid for a limited time, not till the password is changed
2- if the user login on another computer the return to his own, the cookie on the other machine will be valid no longer
the problem of implementing this is the punbb login method which will query the database each time, so we must update the cookie each time.
wondering what to do?
i think if the sid is omited from the urls (my condition), the SESSION would be safe enough - so why using cookie and query instead of SESSION?
As i know it's not possiblie to use transparent sid in all servers and this is the reason.
Another thing I want to know is this, how much oveload does this query impose on the server and wheter if it cost to change the method?
you mean that the SESSION data must be verified with users table each time?
are SESSION variables as unsafe as this?
another thing is why not storing online user data in a heap instead of anything else!
As I was reviewing punbb code, I see that it will fetch the user info from the users table every time he see a page.
i wonder it would not be faster to use SESSION variables or maybe a heap table to store required info of online users to get rid of accessing big users table each time?
please help me as soon as possible so i can advance my work.
Posts found: 13