Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 02-27-2006, 09:15 PM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

File Datastore doesn't unserialize.

@Paul M
I didn't say that using a certain plugin is always a security risk, I said that using custom modifications (eg. that includes all modifications) is always a security risk.

If there were only two plugins, ohne that echos "Hello World" and another one that make that makes the calling user admin.
Now, if there is the question "Are plugins save?", what would you answer without going into detail for specific hacks, etc.?
Reply With Quote
  #12  
Old 02-27-2006, 09:20 PM
Trigunflame's Avatar
Trigunflame Trigunflame is offline
 
Join Date: Aug 2002
Posts: 742
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Andreas
File Datastore doesn't unserialize.
The filebased datastore many not serialize but my original point still stand

Regardless, its still loading uncompiled data in that pluginlist array which is stored in memory during the request.

ps. forgot about it using var_export, ive always used eaccelerator personally.
Reply With Quote
  #13  
Old 02-28-2006, 01:55 PM
tehste tehste is offline
 
Join Date: Feb 2004
Posts: 221
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Trigunflame
The filebased datastore many not serialize but my original point still stand

Regardless, its still loading uncompiled data in that pluginlist array which is stored in memory during the request.

ps. forgot about it using var_export, ive always used eaccelerator personally.
Trigun have you benchmarked a board using your accelerator against the file datastore? I would be interested in the results.
I'm genuinely interested in this by the way it's not a redundant question.

Maybe there should be more tick box things (in the forthcoming, elusive, hack db) like:
inserts to db
changes permission stuff
could mess up
etc.
A little self regulation could help people make the right choice
Reply With Quote
  #14  
Old 03-03-2006, 06:26 AM
Cap'n Steve's Avatar
Cap'n Steve Cap'n Steve is offline
 
Join Date: Feb 2004
Location: Kalamazoo, MI, USA
Posts: 745
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Andreas
Using custom modifications is always a security risk!
Running any kind of code is a security risk. You just trust Jelsoft to write better code than most.
Reply With Quote
  #15  
Old 03-04-2006, 01:01 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

People with multiple web servers can't really use file datastore and have to use either eA or memcache which has their own issues.
Reply With Quote
  #16  
Old 03-04-2006, 01:05 AM
Robbed Robbed is offline
 
Join Date: Oct 2005
Posts: 329
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Even if you use no hacks it still can be a security risk lol
Reply With Quote
  #17  
Old 03-04-2006, 02:47 AM
Code Monkey's Avatar
Code Monkey Code Monkey is offline
 
Join Date: May 2004
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Leaving your home is a security risk.
Using the telephone is a security risk.
Having friends is a security risk.
Drinking tap water is a security risk.
Etc,etc, etc......
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:29 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04913 seconds
  • Memory Usage 2,221KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete