Azu

Posts posted by Azu

  1. Yes exactly. Isn't that what a session is? So that you can store some data when the user doesn't accept cookies and you don't want to use their internet address?

     

    In any case I am trying to find something more secure/permanent/harder to forge than any of these, since at the moment they can all be hacked by the users one way or another (although not so easily/quickly when using IPs).

     

    This is kind of getting off topic though. I really doubt that anyone will come up with a feasible way to reliably tell users apart with the state the internet is in right now (all of that DHCP stuff that makes computers' addresses keep changing over and over).

     

    I'd really appreciate it if someone would tell me which parts of my site have errors/security problems so that I can try to fix them ^^ I definitely CAN fix those kinds of problems right now..

     

    Sorry if I made typos in this, the o and p keys on my keyboard are broken right now so I have to copy and paste them =/

  2. I thought about the use of time() and did realise the 1sec problem; I'm going to implement the naming a little better to improve.

     

    I'm still unsure how to validate the cookie value of 'lastimage'.

     

    The value last image should only be "", "noimage" or a number.

     

    Any ideas?

     

    if($uservariable==='noimage')$var='no';//Compare with ===; a single = assigns and is always true

    elseif(ctype_digit($uservariable))$var=$uservariable;//Feel free to add intval() around this but it shouldn't be needed

    elseif($uservariable!=''){echo'XSS detected';die();}

  3. Are you sure? I thought they used persistent cookies.

     

    Aren't sessions the little variables that you pass through URLs and if anyone gets access to the URL they can just go to it and then be logged on in that session? Not many good ways to prevent these from being passed to other websites through referrer header.

     

    And I know that in some ISPs somebody's address gets changed once in a while, but at least you can't reset it instantly in less than a second by just pressing a hotkey like you can with cookies and sessions ^^ so it's a LITTLE more secure than them I think.

     

    If there is something more reliable to go on then please tell me and I will be glad to use it. I can't think of any though. MAC addresses aren't normally sent and are easy to spoof anyways, regardless of your ISP. So they would be less secure. And I can't think of anything else that is in any way unique to a user and is sent over the internet.. =\ Any thoughts on this would be welcome.

  4. In any case, it's always good to make sure that your website complies with standards and works in more than just the top 3 browsers.

    Trust me you won't regret it :)

     

     

     

    @Aureole,

    interesting statistics.

     

    Mine are a bit different, if you want to compare here they are

     

    Registered users using these browsers; internet Exploder: (4809)25.9%, Firefox: (3388)18.3%, Opera (478)2.6%, Safari (53).29%, Mozilla (27).15%, Netscape(17).09%, AOL(7).04%

     

    Unknown(users registered before I started keeping track of browsers) (9768)52.7%

  5. Thanks.. the whole point of this though is to instantly block it as soon as it happens though.. and all I really want to do is just tell my website not to respond to the request. Not my whole computer just my PHP website. So I'm not sure why a firewall would be needed. Also this needs to be something OS independent (isn't that the whole point of PHP? ^_^)

  6. Okay thanks.. well if it's not possible to do it this way, is there another way to make a client think my server is offline?

     

    This is mainly for something I am making to try to automatically detect XSS attacks from E.G. automated tools and block them A.S.A.P.

     

    And the most secure response is no response so ya.. I thought that this was how I should do it..

  7. Yes exactly that is what happens when it gets no response and it differs from browser to browser it's not something in the HTML.

     

    So please tell me how to make PHP die instantly without sending anything to the browser so that the browser reacts that way.

  8. If my code is running fine without initializing variables, should I just leave it as is, or is there a benefit to initializing them?

     

    Also, which way is best to initialize? $a=$b=$c=''; or $a='';$b='';$c=''? Or is there a better way than both of these?
