scootstah

Staff Alumni
  • Content Count

    3,858
  • Days Won

    29

scootstah last won the day on October 28 2015

scootstah had the most liked content!

Community Reputation

104 Excellent

About scootstah

  • Rank
    Prolific Member

Contact Methods

  • AIM
    scootstah@gmail.com
  • Yahoo
    scootstah@ymail.com

Profile Information

  • Gender
    Male
  • Location
    USA

  1. You need to SELECT the user first, to make sure the information given is valid. Then you can perform the update.
  2. Hmm, excellent point. That would be nasty. EDIT: Although, that's kind of not solving anything. If you have an SQL injection vulnerability, couldn't you just change the column value for an admin's password or token? Or, promote yourself to admin level?
  3. Ah, I believe the reason is so that you get A-Z and not A-F. So in fact you're getting a lot more entropy by hashing it.
  4. Of course, but why does that matter? You're storing the same length value of the same entropy whether you hash it or not. So what is the point of hashing it? EDIT: I guess part of my question is, why not just store it plaintext?
  5. Why hash it instead of just using bin2hex()?
  6. There is no way to tie a user to a specific device. There's no way to uniquely identify a device. The best you can do is use the user's IP address, but there's lots of problems with that. What if the user's IP changes frequently? What if the user regularly uses free hotspots? What if the user is part of a large network with other users that use your service, where they all have the same IP? What if the user uses a VPN or proxy service? So, you simply can't do what you want.
  7. Sure. What you want to do is not possible, sorry. The system you're trying to build is fundamentally flawed and easily circumvented. Why are you adamant in security for this one particular, unnecessary thing when you have blatantly ignored security in many other areas? Because we are passionate about what we do and we see someone doing it horribly wrong. We also see someone making the web an unsafe place. Do you know how many big time sites have been compromised recently that have published huge recovered password lists, due to similar security problems? It's insane, ridiculous, and
  8. Typically if I run into something like this and I am unfamiliar with the code base, I will do a full project text search to try to figure out where the HTML is coming from. In this case try searching for something like "form-row legal terms" and see if you find anything.
  9. MySQL Workbench works fine in Windows, but it's a heap of crap in Ubuntu. You can't select multiple data rows, it's slow, it crashes every 5 minutes... Is there a good alternative? I like the functionality and features that MySQL Workbench offers, but I need something a bit more stable. The features I'm looking for are: - Connect via SSH Tunnel - A nice query executor - Able to save SQL snippets (not so important, but nice) What do you guys use?
  10. You should take a screenshot of your everyday setup.
  11. Have you tried an IDE? I used to think a simple text editor was all I needed too, but then I tried an IDE. The only time I use a regular text editor now is just for real quick edits, or stuff that I don't want to make into a project in my IDE. IDEs tend to get in my way. Yeah, that's how I felt too. I have my Eclipse set up to be pretty minimal though. For example, the annoying help box that pops up with every keystroke is disabled. It only pops up if I want it to by hitting ctrl+space. Most of the time it is unneeded, though sometimes I need it to remember which order
  12. Have you tried an IDE? I used to think a simple text editor was all I needed too, but then I tried an IDE. The only time I use a regular text editor now is just for real quick edits, or stuff that I don't want to make into a project in my IDE.
  13. http://namecheap.com of course. I think I'll keep my domains at GoDaddy for now. I don't like the fact that they support SOPA, but I can't really afford double the cost of my domains per year either.
  14. I use Eclipse PDT. I just like the feel of it. Powerful if it needs to be, but simple and elegant if not. I also use Notepad++ for quick edits and such.