Re: we need to integrate new password algorhythm ASAP |
Subject: Re: we need to integrate new password algorhythm ASAP by GibaPhp on 2008/3/12 1:26:26 About integrate new password algorhythm, is necessary, but... http://www.php.net/manual/en/ref.mcrypt.php This function now in version 5 is native and can be used on a large scale. ProvĂȘ a method of using very strong and robust. In the past she had great depĂȘndencias on the operating system, but I feel that in today it is already in better versions of php5. In many security sites have heard very well for their use as a key that does not allow feedback and works with 128bits. Now I have a real problem in complex and both suggested this function, as the use of this new approach proposed Vaughan I will not advance in anything. Case Real - The hacker invades the site and amending configs of xoops. - This change is minimal, is only one escape "> within this. - From now he knows where the door is and will use it combined with other things and will pass unnoticed. Although the server may have a reasonable safety, "there is no 100% secure server," will be very difficult to find it. Even if today there is no flaw in the code of impresscms, the site will be invaded. The reason is the lack of filtering the output. Most of the things is to not allow the entry of malicious code, but there are several things to be done during a search or query. It is not enough just to verify the data entry, we need to evaluate the output of data with urgency. XoopsToal is offline and will be transferred to another server. Everything that is stored in the database must be verified. This data base has more than 220mb of information and is not an easy task. |