FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » forum security question
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
forum security question [message #38975] Wed, 12 September 2007 03:00 Go to previous message
venus is currently offline  venus   Russian Federation
Messages: 30
Registered: August 2002
Location: Urals, Russia
Karma:
Member

just found that a number of my forum users use stolen cookies to login as admins. i've checked and found that:
- session cookie does not contain any info about ip-address ("ip validation" value does not work), so any stolen cookie can be used everywhere across network;
- session cookie does not contain any info about user password, so when admin user will change password, his stolen cookie still valid;
- cookie expiration time can be edited by user and will not be checked by forum software, so stolen cookies will be active as long as violator want.

are there any plans to change this things? i don't want to migrate my forums from fud script, but will be forced to do this due to security reasons.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Typo3 Integration
Next Topic: How long will you release new version ?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 20:58:48 GMT 2024

Total time taken to generate the page: 0.05038 seconds