jordanwb Posted September 10, 2008

I'd like you guys to test the login, logout, and registration functions of my SCM: http://jordanwb.homelinux.com/scm I made a backup of the database, so SQL injection attempts won't be a problem.

Maq Posted September 10, 2008

Is there a test account?

jordanwb (Author) Posted September 10, 2008

The registration function works.

Maq Posted September 10, 2008

I take back my last post... Registration and log in work well. What's the point of having a 'user name' and a 'display name'?

jordanwb (Author) Posted September 10, 2008

Well, let's say my login name is "jordanwb" and my Display name is "Jordan". The login name would not be shown anywhere. So how could a hacker use someone's account if they can't figure out the login name? The Display name wouldn't do them any good. Security by obscurity.

Maq Posted September 10, 2008

Sounds good from a security standpoint but for a user it could be confusing.

darkfreaks Posted September 10, 2008

GHDB: Apache directory listing which show Apache version

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

Category : Files containing juicy info

This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers.

This vulnerability affects /scm/themes/FiveAreaTheme.

Attack details
We found intitle:index.of "Apache" "server at"

jordanwb (Author) Posted September 10, 2008

^ Thanks.

darkfreaks Posted September 10, 2008

Other than that, your security seems to be rock solid.

jordanwb (Author) Posted September 10, 2008

All right sweet.

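A self-check for the directory-listing finding darkfreaks reported, added here as an example and not code from the thread or from the scanner: it inspects a response from your own server for the auto-generated index page and the version banner, and names the Apache directive that addresses each. The sample page, its host name and its version number are constructed, and `audit_response` and `PageParts` are hypothetical names.

```python
import re
from html.parser import HTMLParser

# Constructed sample of an auto-generated index page (host and version are made up).
SAMPLE_LISTING = """<html><head><title>Index of /scm/themes/FiveAreaTheme</title></head>
<body><h1>Index of /scm/themes/FiveAreaTheme</h1>
<pre><a href="style.css">style.css</a></pre>
<address>Apache/2.2.8 (Ubuntu) Server at example.test Port 80</address>
</body></html>"""

class PageParts(HTMLParser):
    """Collect the text of <title> and <address>, where the listing markers appear."""
    def __init__(self):
        super().__init__()
        self.parts = {"title": "", "address": ""}
        self._tag = None

    def handle_starttag(self, tag, attrs):
        if tag in self.parts:
            self._tag = tag

    def handle_endtag(self, tag):
        if tag == self._tag:
            self._tag = None

    def handle_data(self, data):
        if self._tag:
            self.parts[self._tag] += data

# The footer may or may not carry a version, depending on ServerTokens.
FOOTER = re.compile(r"Apache(?:/([\d.]+))?.*Server at \S+ Port \d+", re.I)
HEADER = re.compile(r"Apache/([\d.]+)", re.I)

def audit_response(html, server_header=""):
    """Return a list of (finding, Apache directive that addresses it)."""
    page = PageParts()
    page.feed(html)
    findings = []
    if page.parts["title"].strip().lower().startswith("index of"):
        findings.append(("directory listing enabled", "Options -Indexes"))
    footer = FOOTER.search(page.parts["address"])
    if footer:
        findings.append(("server signature footer shown", "ServerSignature Off"))
    header = HEADER.search(server_header)
    version = (footer and footer.group(1)) or (header and header.group(1))
    if version:
        findings.append((f"Apache version {version} disclosed", "ServerTokens Prod"))
    return findings

if __name__ == "__main__":
    for finding, fix in audit_response(SAMPLE_LISTING, "Apache/2.2.8 (Ubuntu)"):
        print(f"{finding}: {fix}")
```
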