The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
security seems not a main priority in vb hacks
This is stupid, 2 hacks (major hacks as well, with over 200 installs) I've found to be covered with holes, and the simplest of hacking kiddies can exploit them. This is a major issue in my opinion, and I think something needs to be done about it, or VB is going to turn into a phpnuke! And I'm sure you guys don't want that.
#2
Don't install anything that modifies vB code and you should be safe. It's extraordinarily difficult to generate a qualification system to verify a hack's security.
#3
No code is 100% secure, not even a default VB installation.
But that is where feedback by users is required, for the developers to fix the holes and provide solutions and patches. And good developers work hard not just to add new features, but make sure their applications (in this case, hacks) are as secure as possible.
#4
Add-ons on this site are written by 3rd parties who are not endorsed or supported by Jelsoft in any way - as such Jelsoft offers no guarantees and takes no responsibility for any add-ons or "hacks" that are hosted here. Jelsoft does not offer support for modified or "hacked" forums. You install hacks at your own risk. If you find security holes, take it up with the author of the add-on.
#5
Well said, Erwin.
In simpler wording: Hack the code at your own risk. It is pretty simple. Jelsoft creates the product and charges you for it. It is rather secure all by itself. Numerous people, either associated or unassociated with Jelsoft, but not working on Jelsoft's behalf, create mods (or toys, if you'd prefer) to change the code. Buy a new car, toss on a bunch of aftermarket 'high-performance' mods and watch your warranty go down the tubes. Buy a new software package, tweak the snot out of it, and watch security holes appear. The commercial companies, which produce this type of code, test it and test it some more. The hackers produce a plug-in or a modification, make sure it works, then put it out here for us to use. Unlike the commercial companies, the mods are beta tested by you and me - if there is a problem, there is no money-back guarantee, since you didn't pay money to begin with. Hacked or not - you've invested under $200, which is peanuts.
#6
Quote:
#7
Yea, I have done so. I think a tutorial written by one of the advanced coders about simple security holes like SQL injection should be included on here. Most of the scripts on here fail to utilise basic stripping techniques to combat such things as that. I'm not here to change the world, and I'm fully capable of creating my own advanced hacks/add-ons, but think it's needed to keep VB respected. Not like some of the other forum/CMS systems out there!
#8
If you could find and get permission to post such a guide, I as a dev of the RPG Hack would be most grateful.
Even though I don't know everything about SQL Injections, I know that they happen if a query is not secure enough, and since my RPG uses a lot of queries, there's tons of room for such errors. If you don't get permission to post, would you please link me to it? TIA //out
#9
SQL injection and XSS are among the biggest problems developers face. However, I'm recently finding that if you design your applications correctly, it's well-nigh impossible for anyone to do so. I can't wait to see how they've done it in the next version of vB.
#10
Quote:
I respect Erwin, and I understand this post 100%, Quote: