Reply to Re: Feedback wanted on site with PHP exercises

Posted by tom pester on 09/08/05 02:20

Hi Phil,

I am displaying the source and even php.ini to make my coding style better.
It's hosted on one of my home PCs with no sensitive data, so if you can
crack it, go ahead.

Do you know of any possible attacks that a hacker could launch after seeing
the output of phpInfo?

Cheers,
Tom Pester

> "tom pester" wrote:
>
>>> Turing numbers would help
>>>
>> I know about these but I kept it simple and performed another (inadequate)
>> Turing test.
>> Computers can add as well as the best of us and it won't be long till they
>> can read those images too (if they can't already).
> Not true. Optical character recognition works fine in cases where the
> position, size and colour of the characters is approximately known.
> But unusual character styles (e.g.
> <http://www.adsmalta.com/?reason=recover>) and/or random noise and
> deformation applied to the image (e.g.
> <http://blast4dollars.com/list.php>) make things far more difficult.
>
> On the other hand, extracting two numbers from the HTML source of a
> web page and adding them together is ridiculously easy. A combination
> of file_get_contents() and simple string matching is all you need.
>
>>> but if you publish your source code you'll
>>> still make things relatively easy for the spammers:
>> I made the decision to publish the source code so I would write more
>> secure code.
>> I think secure code that solely relies on obfuscation is not good enough.
>> Code is really secure if a hacker can't break it even if he knows how
>> it's implemented.
> Well I suggest you start by learning how to write secure code before
> you publish all this stuff. You're really asking for trouble.
>
>> I rewrote the addition test with a session and a measure to avoid
>> replay attacks.
>>
> A futile effort, unfortunately.
>
>> Can you think of another way to circumvent the test other than to
>> parse the file and let a computer do the addition?
>>
> Do I need to think of another way? It would take me 5 minutes to write
> a script to crack your "security". In another 5 minutes I could have
> sent hundreds of emails from your site.
>
> Take the page down before it's too late.
>
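The session-bound, replay-resistant addition test Tom says he rewrote, as an added example that is not code from the original thread or from Tom's site (PHP 7 or later is assumed, and the `CHALLENGE_TTL` and `MAX_FAILURES` values are assumed). A token is consumed on every attempt and expires, so a captured (token, answer) pair cannot be resubmitted; but, as Phil's reply points out, the question is still plain arithmetic in the HTML, so a script that reads the page can answer it, and the token only stops replay, not automation.

```php
<?php
// Added example, not from the original thread: a session-bound, single-use,
// expiring arithmetic challenge with a per-session failure limit.
declare(strict_types=1);

const CHALLENGE_TTL = 300;   // seconds a challenge stays valid (assumed value)
const MAX_FAILURES  = 5;     // wrong answers allowed per session before refusing (assumed value)

/**
 * Issue a challenge: the operands are shown to the user, the answer is kept
 * only in the server-side session, keyed by an opaque random token.
 */
function issue_challenge(array &$session): array
{
    $a = random_int(1, 20);
    $b = random_int(1, 20);
    $token = bin2hex(random_bytes(16));
    $session['challenges'][$token] = [
        'answer'  => $a + $b,
        'expires' => time() + CHALLENGE_TTL,
    ];
    return ['token' => $token, 'question' => "$a + $b"];
}

/**
 * Check an answer. The token is deleted on every attempt, right or wrong,
 * so a captured (token, answer) pair cannot be replayed.
 */
function verify_challenge(array &$session, string $token, string $answer): bool
{
    $failures = $session['failures'] ?? 0;
    if ($failures >= MAX_FAILURES) {
        return false;                               // session is locked out
    }
    $entry = $session['challenges'][$token] ?? null;
    unset($session['challenges'][$token]);          // single use, whatever the outcome
    $ok = $entry !== null
        && $entry['expires'] >= time()
        && ctype_digit($answer)
        && (int) $answer === $entry['answer'];
    if (!$ok) {
        $session['failures'] = $failures + 1;
    }
    return $ok;
}

// CLI demo with a plain array standing in for $_SESSION.
$session = [];
$c = issue_challenge($session);
// The one line below is also why this test does not stop a script: the
// question is plain text in the page and the sum is trivial to compute.
[$a, $b] = array_map('intval', explode('+', $c['question']));

$first  = verify_challenge($session, $c['token'], (string) ($a + $b)); // fresh token
$replay = verify_challenge($session, $c['token'], (string) ($a + $b)); // same token again
$bogus  = verify_challenge($session, 'not-a-token', '42');             // unknown token

printf("first=%s replay=%s bogus=%s failures=%d\n",
    var_export($first, true), var_export($replay, true),
    var_export($bogus, true), $session['failures'] ?? 0);
```

Run it from the command line with `php`. In a real form the token goes in a hidden field, the answer is checked on POST against `$_SESSION` rather than the demo array, and the expected answer never leaves the server. The failure limit bounds guessing within one session only; a bot can open a new session at will, which is the same limitation Phil's "5 minutes" remark describes.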
