12-23-2007, 10:49 PM
pastalover
 
Join Date: Dec 2007
Posts: 3

I appreciate your response, Blaine0002. This reminds me of a comic strip that I once saw called "bobby tables" - Google it, it is funny.

"Obscurity" as a protection proves to be little or no protection at all. Just look at anything that is hacked. If an exploiter is so inclined, they CAN find information on the desired subject they want to exploit. Just take a look at pay-TV systems, PlayStations, or even vBulletin itself. "Obscurity" proved to be nothing more than a minor inconvenience. While carousing through Google looking for information about vBulletin, I found many things from people you would consider "unfriendly". It was not hard finding every plugin that vBulletin has ever had posted on this site.

Sure, you may get more people that exploit weaknesses, yet you would get more people that could sanitize these vulnerabilities before they ever made it to the public scene. "Obscurity" will not stop someone with the "know how", not if they are obliging enough. Instead, we should be looking at sanitizing every sort of user input, to get rid of these vulnerabilities. And coders themselves should be on the lookout for other coders' code that could pose a potential vulnerability... then discuss how to fix it.

What would you rather have? A product with holes in it that a select few can exploit at will, at any given time... things that aren't public? Or the exploits to be made public, and fixes to be made? I would choose the latter of these two options.