Thread: How are sites like xanga.com able to enable HTML and flash?
View Single Post
  #16  
Old 10-25-2003, 11:06 PM
KuraFire's Avatar
KuraFire KuraFire is offline
 
Join Date: Oct 2001
Location: inside vB3's .php
Posts: 1,245
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
As far as I know, those sites have spent many thousands of dollars on implementing very intricate security systems against this. Personally, I doubt they're really 100% secure (I've yet to be convinced on how you can verify the workings of a compiled object without being able to see the source) but in their case I reckon they're mostly just using systems that have virtually no execution power at all.

Do you know what a BOA server is? If so, that could give you an idea of how such sites are (most likely) set up. Scripts (ie. php scripts and the like) cannot be executed because there is no PHP installed, etc. etc. etc.
By disabling a lot of such things you can dramatically limit what power any malicious file can have. For if a malicious file cannot execute any commands or anything, there's very little remaining that it can do.
However, since you're running a vBulletin forum, likely on a shared or dedicated hosting, meaning a server with apache and mysql and php and god knows what else installed, you don't have that option.

See the problem?
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01084 seconds
  • Memory Usage 1,761KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete