vb.org Archive


Hornstar 08-04-2006 08:51 PM

Is this a security Issue?
 
I'm selling a program on my site. I trust the coder very well, as I'm the one taking the money in and then passing on the profits - commission to him.

However, now we want to authenticate the program so that it won't be leaked around, and so only the members who buy it will have access and be able to use it.

This is the description the coder gave to me:

"Alright, pretty simple script. I pass username/md5 hash of password/auth in GET vars. It returns one of three things. Either 0, which means invalid username or password, 1 which means the user isn't an xkb subscriber, or the email address of the user (which means that it's correct user and pass and the user has access.) The only security issues are A) If I wanted to (only me, because you need the auth) I could try to bruteforce user passwords with the script. and B) It gives me the users' emails. I don't think either of those are an issue as long as you consider me a trusted party."

Basically what I'm asking is for a vBulletin coder to take a look at the file he wants me to upload to my server and tell him if it is safe or if it will cause security issues etc. I will forward the email with the program he sent me to any of the vBulletin coders to help me out. (Basically I'm wondering what is the worst that could be done if he decided to do something malicious etc.)

Thanks
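The check described in the post above, reconstructed beside a variant that addresses the two issues the coder lists (password guessing by the auth holder, email disclosure). This is an added example, not the coder's script and not part of the original post; it is written in Python because the post does not show the script, and the user table, the `AUTH` value, the lockout limits and the names `check_as_described` and `LicenseCheck` are all assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample data; user table, field names and limits are assumptions.
USERS = {
    "alice": {"pw_md5": hashlib.md5(b"correct horse").hexdigest(),
              "subscriber": True, "email": "alice@example.com"},
    "bob": {"pw_md5": hashlib.md5(b"hunter2").hexdigest(),
            "subscriber": False, "email": "bob@example.com"},
}
AUTH = "shared-secret-placeholder"  # the "auth" value from the description
MAX_FAILURES, WINDOW = 5, 900       # assumed: 5 failed tries per 15 minutes


def check_as_described(username, pw_md5, auth):
    """Interface from the post: "0", "1", or the user's email address.
    Treating a wrong auth value as "0" is an assumption."""
    user = USERS.get(username)
    if auth != AUTH or user is None or user["pw_md5"] != pw_md5:
        return "0"
    return user["email"] if user["subscriber"] else "1"


class LicenseCheck:
    """Same check with throttling and without returning the email."""

    def __init__(self, now=time.time):
        self.failures = {}  # username -> times of recent failed attempts
        self.now = now

    def check(self, username, pw_md5, auth):
        t = self.now()
        recent = [x for x in self.failures.get(username, []) if t - x < WINDOW]
        if len(recent) >= MAX_FAILURES:
            self.failures[username] = recent
            return "locked"  # guessing is throttled even for the auth holder
        user = USERS.get(username)
        stored = user["pw_md5"] if user else "0" * 32
        # Constant-time comparisons; & evaluates both sides every time.
        ok = (hmac.compare_digest(auth.encode(), AUTH.encode())
              & hmac.compare_digest(pw_md5.encode(), stored.encode()))
        if user is None or not ok:
            self.failures[username] = recent + [t]
            return "0"
        self.failures[username] = []
        return "ok" if user["subscriber"] else "1"  # no email leaves the server
```

Query strings are normally written to web server access logs, and the MD5 hash works as the password for this endpoint, so sending the same fields in a POST body over HTTPS keeps it out of those logs.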

Hornstar 08-06-2006 05:02 AM

Can anyone let me know if this will be a security issue?

Thanks

Paul M 08-06-2006 10:56 AM

What do you mean by "a security issue"? An issue to who, and what?

There is too little information to even understand what is being described properly - why are e-mail addresses being passed around?

(and no, sorry, I don't have the time to look at it, just making a few quick points).
