FUDforum: FUDforum Suggestions » forum security question

Home » FUDforum » FUDforum Suggestions » forum security question

Show: Today's Messages :: Polls :: Message Navigator

forum security question [message #38975]

Wed, 12 September 2007 03:00

venus

Messages: 30
Registered: August 2002
Location: Urals, Russia

Karma:

Member

just found that a number of my forum users use stolen cookies to login as admins. i've checked and found that:
- session cookie does not contain any info about ip-address ("ip validation" value does not work), so any stolen cookie can be used everywhere across network;
- session cookie does not contain any info about user password, so when admin user will change password, his stolen cookie still valid;
- cookie expiration time can be edited by user and will not be checked by forum software, so stolen cookies will be active as long as violator want.

are there any plans to change this things? i don't want to migrate my forums from fud script, but will be forced to do this due to security reasons.

Report message to a moderator

[Message index]

		forum security question By: venus on Wed, 12 September 2007 03:00
		Re: forum security question By: Ilia on Wed, 12 September 2007 18:32
		Re: forum security question By: venus on Thu, 13 September 2007 10:24
		Re: forum security question By: Ilia on Thu, 13 September 2007 15:25
		Re: forum security question By: venus on Fri, 14 September 2007 15:40
		Re: forum security question By: Ilia on Sun, 16 September 2007 15:19

Previous Topic:	Typo3 Integration
Next Topic:	How long will you release new version ?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri May 17 11:59:52 GMT 2024

Total time taken to generate the page: 0.07578 seconds