Arta.
02-02-2002, 10:49 AM
Hi,
I've been writing a security checker for the vB that checks various configuration options for settings that are potential security hazards. Currently, it checks the allowhtml field on all forums, and the following records in setting:
allowhtml
allowdynimg
cookiepath
attachextensions
calallowhtml
It then scans through the polls, posts, user records & PMs for potentially harmful tags like script, object or embed.
My question here is: are there any other settings or 'things' hiding in the database that I should check? Also, these are the harmful HTML tags i'm looking for, can anyone think of any others?
<script%
<object%
<embed%
<applet%
javascript:%
Thanks for any help you can give.
I've been writing a security checker for the vB that checks various configuration options for settings that are potential security hazards. Currently, it checks the allowhtml field on all forums, and the following records in setting:
allowhtml
allowdynimg
cookiepath
attachextensions
calallowhtml
It then scans through the polls, posts, user records & PMs for potentially harmful tags like script, object or embed.
My question here is: are there any other settings or 'things' hiding in the database that I should check? Also, these are the harmful HTML tags i'm looking for, can anyone think of any others?
<script%
<object%
<embed%
<applet%
javascript:%
Thanks for any help you can give.