Go Back   vb.org Archive > Community Central > Community Lounge
Reload this Page security seems not a main priority in vb hacks
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #71  
Old 03-25-2005, 07:09 PM
sabret00the's Avatar
sabret00the sabret00the is offline
 
Join Date: Jan 2003
Location: London
Posts: 5,268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
here's a question

is it bad to do

PHP Code:
$variable addslahes($variable);
$DB_site->query("INSERT INTO table(column)
VALUES ($variable)"); 
Reply With Quote
  #72  
Old 03-25-2005, 07:42 PM
Tekton Tekton is offline
 
Join Date: Jun 2004
Location: Wisconsin
Posts: 362
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I'm getting into the habit of uni'ing and adding the slashes to anything that isn't intvaled when inserted into the DB with user added stuff.
Reply With Quote
  #73  
Old 03-25-2005, 07:57 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by sabret00the
here's a question

is it bad to do

PHP Code:
$variable addslahes($variable);
$DB_site->query("INSERT INTO table(column)
VALUES ($variable)"); 
That is Ok
Reply With Quote
  #74  
Old 03-25-2005, 08:16 PM
sabret00the's Avatar
sabret00the sabret00the is offline
 
Join Date: Jan 2003
Location: London
Posts: 5,268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by MarcoH64
That is Ok
thanks
Reply With Quote
  #75  
Old 10-22-2005, 04:45 AM
MRGTB MRGTB is offline
 
Join Date: Dec 2004
Posts: 548
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
On a lighter note, this thread made me laugh a little!

Because I see many people who have loads of hacks installed. Then when a new version of vBulletin is released they sometimes remove there whole board because of mass hacking which they cannot revert back to upgrade to a new version of vBulletin. Then after doing a clean install of the new vBulletin version to plug possible security issues, they then re-hack there board all over again which could possibly add security issues all over again which they just upgraded to avoid.

Hahaha, Guess there must be method in that madness somewhere! :squareeyed:
Reply With Quote
  #76  
Old 10-22-2005, 10:09 AM
Onimua Onimua is offline
 
Join Date: Apr 2005
Location: Florida
Posts: 37
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Gary Bolton
On a lighter note, this thread made me laugh a little!

Because I see many people who have loads of hacks installed. Then when a new version of vBulletin is released they sometimes remove there whole board because of mass hacking which they cannot revert back to upgrade to a new version of vBulletin. Then after doing a clean install of the new vBulletin version to plug possible security issues, they then re-hack there board all over again which could possibly add security issues all over again which they just upgraded to avoid.

Hahaha, Guess there must be method in that madness somewhere! :squareeyed:
That is odd, heh.

I personally only modify files if it's something I feel is worth it (and if it's no more than at least 3 or so files). I also try to avoid plugins and hacks that modify the database as best as possible too.
Reply With Quote
  #77  
Old 10-22-2005, 10:58 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Modifying the database would not create a security problem in 99% of the cases. On the other hand 1 code edit (or even 1 plugin) could put your board wide open.
Reply With Quote
  #78  
Old 10-22-2005, 11:14 AM
Onimua Onimua is offline
 
Join Date: Apr 2005
Location: Florida
Posts: 37
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by MarcoH64
Modifying the database would not create a security problem in 99% of the cases. On the other hand 1 code edit (or even 1 plugin) could put your board wide open.
Avoidance of database changes are more of enabling me to easily upgrade more than anything else. I don't like wondering how anything database-wise would effect me later on. Just a thing of mine.
Reply With Quote
  #79  
Old 10-22-2005, 12:30 PM
Zachariah's Avatar
Zachariah Zachariah is offline
 
Join Date: Feb 2002
Location: Canoga Park, CA
Posts: 2,125
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It's simple to me. RTFM
If it don't work uninstall it.

If you know how to fix it. PM / Email the creator how to fix.
Best of all, Backup so you can restore after you mess it up.

It's a NO BRAINER.

Reply With Quote
  #80  
Old 10-22-2005, 01:52 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
We where talking security i think?
Reply With Quote
Reply
Page 8 of 8 « First 67 8

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:37 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04307 seconds
  • Memory Usage 2,251KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete