i am running vb 2.2.4.. and i would like to modify it to allow .swf files as avatars..i heard there is a hack out for it..can anyone point me in the right direction?

I would not reccomend this as it could pose a major security risk to your site.

There are people who can manipulate the *.swf files and hack your boards right away

- miSt

Can I make it where a user needs a huge # of posts before he/she can use flash in sig.. which means they have to come to me and if I know/trust them I would add it for them?

can that work?

Even still i wouldn't trust users who have a high number of posts...

No-one can be trusted with this my friend..

- miSt

Like Mist said...

.swf is too dangerous to be used as an avatar...

Also - Im not sure that vBulletin could use it as an Avatar...

Satan

It is possible satan...

But i wouldn't show anyone how to do it as i wont be held responsible for the damage it may cause..

- miSt

the problem is that you have actionscript in flash and you could use it to steal cookies which would give you a userid and a password hash :)

Indeed...

If they want animated Avatars, tell them to make Animated .gif's...

Satan

Thats what i do on my forum satan :D

- miSt

Or just give members nothing and admins get all :D

Yea!!


Mark :)

I'd like to learn more about why it's a security issue.
Is there any way around this?
I'd really like to get some flash sigs on my forums as well.

Have these issues been resolved for 3.0.3?

Dean is always paranoying about security, it's his job... btw, this thread is 2 years old, so many things have changed...

btw, manipulating a swf is the same as manipulating a .php to become a .gif and then hack a complete board... there is nothing you can do about it, or just not do it...

for each feature you add to a board, there is a hacker happy to play with it and make your world a nightmare... hopefully, hackers are more occupied with phpBB and IPB these days...

Those pesky hackers.